High CVE-2024-3832: Object corruption in V8
High CVE-2024-3833: Object corruption in WebAssembly
High CVE-2024-3914: Use after free in V8
High CVE-2024-3834: Use after free in Downloads
Medium CVE-2024-3837: Use after free in QUIC
Medium CVE-2024-3838: Inappropriate implementation in Autofill
Medium CVE-2024-3839: Out of bounds read in Fonts
Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
Medium CVE-2024-3843: Insufficient data validation in Downloads
Low CVE-2024-3844: Inappropriate implementation in Extensions
Low CVE-2024-3845: Inappropriate implementation in Network
Low CVE-2024-3846: Inappropriate implementation in Prompts
Low CVE-2024-3847: Insufficient policy enforcement in WebUI
update to 123.0.6312.122
High CVE-2024-3157: Out of bounds write in Compositing
High CVE-2024-3516: Heap buffer overflow in ANGLE
High CVE-2024-3515: Use after free in Dawn
The Akira ransomware attack has actively and widely impacting businesses. According to CISA advisory, the ransomware group has impacted over 250 organizations and claimed approximately $42 million (USD) in ransomware proceeds. The ransomware group gains initial access via either less-secured VPN or Cisco vulnerabilities. Once the network is compromised, the threat actor is able to target a system and encrypt files with .akira extension.
What is the recommended Mitigation?
Review attack surfaces and ensure that all systems are kept up-to-date with the latest patches. Also, maintain general awareness and training about the risk of phishing and social engineering attacks in the organization.
What FortiGuard Coverage is available?
FortiGuard Labs has existing AV signatures (i.e. W64/Akira.C!tr.ransom) to block all the known malware variants used by Ransomware group and has blocked related IoCs via Web filtering service.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– JFS file system;
– BPF subsystem;
– Netfilter;
(CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581,
CVE-2023-52603)
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– JFS file system;
– Netfilter;
(CVE-2024-26581, CVE-2023-52600, CVE-2023-52603)
