Today is Friday, which means that Jet CSIRT specialists have again collected key information security news for you. This time in the TOP-3 - fixing critical vulnerabilities in Apple and VMware, as well as hacking Japanese government organizations. The news was chosen by Igor Fitz, analyst of the Center for Monitoring and Response to Incidents of Information Security Jet CSIRT, Jet Infosystems.
Read more under the cut.
VMware patches critical vulnerabilities in vCenter Server
VMware has identified and fixed a Remote Code Execution (RCE) vulnerability (CVE-2021-21985) in the vSphere Client (HTML5). The vulnerability is due to a lack of input validation in the VSAN Health Check plug-in, which is enabled by default in vCenter Server. To exploit CVE-2021-21985, an attacker needs to have access to port 443. In addition to RCE, VMware has fixed the CVE-2021-21986 vulnerability related to the authentication mechanism in the vCenter Server plug-ins. Based on the severity of the issues found, VMware encourages vCenter users to immediately update vCenter Server versions 6.5, 6.7 and 7.0.
Hackers stole data from Japanese government officials
Several Japanese government organizations have been hacked through the Fujitsu ProjectWEB information exchange tool. According to media reports, having obtained unauthorized access to information systems, the attackers seized at least 76,000 email addresses of employees and contractors. So far, the incident has affected the Ministry of Foreign Affairs of Japan, the Ministry of Land, Infrastructure, Transport and Tourism of Japan and Narita International Airport. Fujitsu has suspended ProjectWEB until the scope and cause of the incident is fully established.
Apple patches zero-day vulnerabilities
Apple has released a security update that fixes three zero-day vulnerabilities that attackers have exploited in real-world attacks. Operation of CVE-2021-30713 allows you to bypass standard TCC privacy protection and thereby gain full access to disk, screen recording and other system functions without asking for explicit consent from the user. Two other vulnerabilities (CVE-2021-30663 and CVE-2021-30665) affect the WebKit browser engine on Apple TV 4K and Apple TV HD devices and can lead to remote code execution on the attacked devices.