SentinelOne Uncovers Dell Vulnerability, Im …
Of course, as a cybersecurity pro, you’re effortlessly on top of all your software and security updates. But it’s been a particularly busy week when it comes to vulnerabilities on common devices and software. This week, we’re seeing some major security patches from Dell and Apple, plus some news on pretty popular Samsung devices.
Dell: Better Late Than Vulnerable
The laptop you brought to college (though not quite hot off that “Dude, You’re Getting a Dell!” marketing campaign) may be due for an update (likely alongside the one you’re working on now).
There’s an security issue on a driver going back to 2009 which includes five high-severity flaws — as uncovered by Data Connectors Community Partner Sentinel One. Attackers can use the newly discovered vulnerabilities “to locally escalate to kernel-mode privileges,” according to SentinelLabs. The team there has done an extensive deep dive and shown their proof of concept of the hack on their blog — an extremely clear and thoughtful dive that is well-worth the read. Dell has sold millions of laptops since 2009 with this flawed driver, including more recent XPS models.
In their research, the Sentinel team did not find any evidence of abuse in the wild, but Dell has responded with a fix on the dbutil_2_3.sys driver, and detailed instructions on how to mitigate this vulnerability on your device. Still have questions? Check out Dell’s complete FAQ on this — because chances are, if you’re using a Dell computer, you’ve likely been impacted by this.
Apple: An Update for WebKit Flaws
Following up on more ubiquitous devices with security flaws… it’s time to update your iPhone (model 6s and later), iPad (all models of Pros, 5th generation or later, Minis 4th generation or later). and iPod Touch (7th generation).
This one sounds pretty nefarious. The impact, as cited by Apple: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Fortunately, the fix is in — update your device. Don’t wait til tonight, because you’ll want to get this one fixed quickly. Apple has been patching lots of vulnerabilities lately (particularly following that AirDrop flaw that was leaking users’ email addresses), so it’s definitely worth it to stay on top of your available updates.
Samsung Galaxy S8 and S8 Plus Facing Sunset
If you’re still hanging on tight to your Samsung Galaxy S8 and S8 Plus, say goodbye to your security support. The company has taken up the policy of ending product support after four years, and so these are now officially going into retirement.
Recent news posts
This Week in Cyber: Eight Months After the Biden EO, Where’s the Cybersecurity Task Force?
Intelligence Report: With Rising Tensions in Ukraine, Russian Cyber Threats Loom Over US
Security Ratings Serve to Raise Risk Awareness: Web Briefing
This Week in Cyber News: Catching the Bad Guys
Around the Community: Partner Blogs
Attend an Event!
Connect and collaborate with fellow security innovators at our Virtual Cybersecurity Summits.