Weekly threat roundup: Apple, AMD, and Google
The most dangerous and pressing cyber security exploits from the week gone by


Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.
Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.
‘Unpatchable’ flaws in Apple’s T2 security chip
A certain iteration of Apple’s T2 security-centric co-processor is embedded with two critical flaws that can be exploited in combination to grant hackers full access to targeted macOS devices.
'Checkm8', originally an iPhone vulnerability, and 'Blackbird' can be exploited in the T2 security chips built on Apple’s A10 architecture, present in some, but not the newest, Macs.
The CheckM8 bug allows hackers to circumvent the activation lock and ‘jailbreak’ targeted devices. Normally, the T2 chip would then exit with a fatal error once it recognised that Device Firmware Update (DFU) mode was enabled. With the Blackbird exploit, however, hackers are able to bypass this critical security check and gain full root access to the device.
Alarmingly, according to Iron Peak, the core vulnerability can't be patched through software updates, as the T2 operating system is stored in read-only memory for security reasons. The bugs currently affect Mac devices shipped with Intel CPUs, and may not affect units fitted with Arm-based processors, although there’s no guarantee.
85 flaws in Android and Google Chrome
Google has released patches to fix severe bugs in both its Chrome web browser and its Android operating system this week. The firm fixed 35 flaws in the former, and more than 50 vulnerabilities in the latter.
With the release of Chrome 86, Google has patched a critical flaw in the browser’s payments component, tagged CVE-2020-15967. This is a use-after-free memory corruption vulnerability that can give rise to various problems, including the program crashing or the execution of arbitrary code.
The pick of the Android flaws, of which 22 were rated critical, includes two escalation of privilege bugs that exist in the core of the operating system. These two, tagged CVE-2020-0215 and CVE-2020-0416, can be exploited remotely by an attacker using a specially crafted transmission.
Common flaws in widely-used anti-malware tools
Cyberark has disclosed a series of vulnerabilities present in the widely-used products developed by many cyber security vendors, including McAfee, Kaspersky, Check Point and Fortinet, among others.
These bugs, of which there are at least 12, often allow hackers to carry out a privilege escalation attack on the local system, with anti-virus software targeted specifically because of its high privileges. One example of an exploitable flaw is the Shared Log File bug, which is present in Avira’s antivirus software, while another is DLL hijacking, which researchers demonstrated as being exploitable in Trend Micro’s antivirus software.
Cyberark has estimated that “probably every Windows machine” has had at least one piece of software that could be abused to gain elevated privileges using file manipulation attacks.
IoT botnet Ttint exploiting unpatched Tenda routers
Attackers are exploiting two flaws in routers manufactured by Tenda to spread a remote access trojan (RAT) heavily based on the Mirai malware, in order to create a sophisticated botnet.
Two zero-day flaws tagged as CVE-2018-14558 and CVE-2020-10987, as highlighted by Netlab, are being exploited by the malware to not only create this botnet, but also conduct remote code execution attacks.
In addition to ten distributed denial of service (DDoS) attack instructions, there are also 12 different remote access methods embedded in the RAT, according to analysis. This additional functionality stands it apart from most other botnets.
When running, Ttint deletes its own files, manipulates the watchdog, and prevents an affected router from restarting. The malware also ensures only a single instance runs by binding to a port, and modifies its process name to confuse the user. Neither flaw has been patched to date, Netlab claims.
AMD glitch that could cause BSOD
A denial-of-service vulnerability exists in AMD-manufactured graphics card drivers that may cause a user’s system to crash and produce the dreaded blue screen of death (BSOD).
The flaw lies in the way a specially-crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service, and it can be triggered from non-privileged user accounts. Cisco Talos researchers, who discovered the vulnerability, claim an attacker can influence the read address when this function is triggered by modifying the payload, and so cause such a system crash deliberately.
The bug, tagged as CVE-2020-12911, has been rated 7.1 on the CVSS scale, but won’t be patched until early in the first quarter of 2020.

Keumars Afifi-Sabet is a writer and editor who specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.