Latest news with #PositiveTechnologies
TECHx
09-07-2025
- TECHx
High-Severity Windows Flaw Revealed by Security Expert
Home » Emerging technologies » Cyber Security » High-Severity Windows Flaw Revealed by Security Expert Positive Technologies has revealed a high-severity vulnerability affecting 37 desktop and server Windows operating systems. The flaw impacts Windows 11, Windows 10, Server 2025, Server 2022, and Server 2019 across various versions and architectures. The vulnerability, identified as CVE-2025-49689, was discovered by Sergey Tarasov, Specialist at the Positive Technologies Expert Security Center. It affects the NTFS file system driver and was assigned a CVSS 3.1 severity score of 7.8. The flaw could have enabled privilege escalation if a user opened a malicious virtual hard disk (VHD). This would allow attackers to bypass Windows security and gain full control of the system. Microsoft was notified under responsible disclosure protocols and released patches in July 2025. • Over 1.5 million devices are reportedly exposed • U.S. and China account for the largest number of affected systems StatCounter data shows Windows 11's market share rose from below 30% in 2024 to over 43% by May 2025. Tarasov explained that attackers often use VHD files in phishing campaigns. Many users treat these files like ordinary archives, increasing the risk of exploitation. Positive Technologies recommends users install the latest Windows updates. If updates cannot be applied, users should only open VHD files from trusted sources. The company also advises deploying its tools, including MaxPatrol VM and MaxPatrol EDR, to detect and prevent similar threats. In 2024, Tarasov helped address another vulnerability, CVE-2024-43629, affecting Windows 10, 11, and Server editions. In 2017, the PT Expert Security Center collaborated with Microsoft to resolve CVE-2017-0263.
Mid East Info
24-06-2025
- Mid East Info
Apple thanks Positive Technologies for discovering a vulnerability in its Shortcuts app - Middle East Business News and Information
PT SWARM expert Egor Filatov found a critical vulnerability in Shortcuts, a built-in macOS app that streamlines device management by automating repetitive user actions. If successfully exploited, the security flaw could allow an attacker to gain full control over the device, including the ability to read, edit, and delete any data. If the compromised device happens to be a laptop connected to a corporate network, the attacker could also infiltrate the internal company infrastructure. The vulnerability, tracked as BDU:2025-02497 and rated 8.6 out of 10 on the CVSS 3.0 scale, affects Shortcuts 7.0 (2607.1.3). The vendor was notified of the threat in line with the responsible disclosure policy and has already released a software patch . Users are advised to upgrade to macOS Sequoia 15.5 or later. If updating the OS is currently not possible, Positive Technologies recommends users to pay close attention to the downloaded shortcuts before running them or avoid using them altogether. The Shortcuts app was introduced with macOS Monterey back in 2021 and has been supported in macOS Ventura, Sonoma, and Sequoia versions over the past four years. With the app, users can create shortcuts to automate various tasks, such as starting a timer, playing music, or converting text to audio. Users also have access to macros that provide ready-made shortcuts. A threat actor could leverage this functionality by uploading infected templates to the library. For the security flaw to be exploited, it would be enough for the victim to inadvertently run a malicious macro on their device. 'An attacker could exploit this vulnerability to target any Shortcuts user,' said Egor Filatov, Junior Mobile Application Security Researcher at Positive Technologies. 'Before remediation, the vulnerability allowed an attacker to bypass macOS security mechanisms and execute arbitrary code on the victim's system.' According to the expert, the potential consequences of successful attacks include the following: Theft of confidential data or deletion of valuable information Malware execution Installation of backdoors aimed at maintaining access to the system even after vulnerability patching Ransomware infection Disruption to the organization's business processes (if a corporate device is compromised) Positive Technologies experts have been studying Apple products for over a decade. In 2018, Maxim Goryachy and Mark Ermolov, while looking for security flaws in Intel Management Engine, found a firmware vulnerability ( CVE-2018-4251 ) affecting personal computers made by Apple and other manufacturers. In 2017, Timur Yunusov warned the community about multiple security gaps he discovered in Apple Pay: by exploiting the vulnerabilities, attackers could compromise users' bank cards and make unauthorized payments on external resources. Before that, another Positive Technologies researcher found and helped eliminate a critical vulnerability in the website, which could allow an adversary to conduct a directory traversal attack and gain access to private data. In addition to the macOS version of Shortcuts, there is also an iOS version of the app for mobile devices. To prevent threat actors from infiltrating the corporate network via vulnerable mobile apps, companies should protect their apps against reverse engineering. This can be done with solutions such as PT MAZE , which turns the application into an impenetrable maze, making attacks too resource-intensive for adversaries. Positive Technologies is an industry leader in result-driven cybersecurity and a major global provider of information security solutions. Our mission is to safeguard businesses and entire industries against cyberattacks and non-tolerable damage. Positive Technologies is the first and only cybersecurity company in Russia on the Moscow Exchange (MOEX: POSI), with 220,000 shareholders and counting. Follow us on X , LinkedIn , and in the News section at
Tahawul Tech
24-06-2025
- Tahawul Tech
Don't take any ‘shortcuts' – Positive Technologies find critical vulnerability in macOS application
PT SWARM expert Egor Filatov found a critical vulnerability in Shortcuts, a built-in macOS app that streamlines device management by automating repetitive user actions. If successfully exploited, the security flaw could allow an attacker to gain full control over the device, including the ability to read, edit, and delete any data. If the compromised device happens to be a laptop connected to a corporate network, the attacker could also infiltrate the internal company infrastructure. The vulnerability, tracked as BDU:2025-02497 and rated 8.6 out of 10 on the CVSS 3.0 scale, affects Shortcuts 7.0 (2607.1.3). The vendor was notified of the threat in line with the responsible disclosure policy and has already released a software patch. Users are advised to upgrade to macOS Sequoia 15.5 or later. If updating the OS is currently not possible, Positive Technologies recommends users to pay close attention to the downloaded shortcuts before running them or avoid using them altogether. The Shortcuts app was introduced with macOS Monterey back in 2021 and has been supported in macOS Ventura, Sonoma, and Sequoia versions over the past four years. With the app, users can create shortcuts to automate various tasks, such as starting a timer, playing music, or converting text to audio. Users also have access to macros[1] that provide ready-made shortcuts. A threat actor could leverage this functionality by uploading infected templates to the library. For the security flaw to be exploited, it would be enough for the victim to inadvertently run a malicious macro on their device. 'An attacker could exploit this vulnerability to target any Shortcuts user,' said Egor Filatov, Junior Mobile Application Security Researcher at Positive Technologies. 'Before remediation, the vulnerability allowed an attacker to bypass macOS security mechanisms and execute arbitrary code on the victim's system.' According to the expert, the potential consequences of successful attacks include the following: Theft of confidential data or deletion of valuable information Malware execution Installation of backdoors[2] aimed at maintaining access to the system even after vulnerability patching Ransomware[3] infection Disruption to the organization's business processes (if a corporate device is compromised) Positive Technologies experts have been studying Apple products for over a decade. In 2018, Maxim Goryachy and Mark Ermolov, while looking for security flaws in Intel Management Engine, found a firmware vulnerability (CVE-2018-4251) affecting personal computers made by Apple and other manufacturers. In 2017, Timur Yunusov warned the community about multiple security gaps he discovered in Apple Pay: by exploiting the vulnerabilities, attackers could compromise users' bank cards and make unauthorized payments on external resources. Before that, another Positive Technologies researcher found and helped eliminate a critical vulnerability in the website, which could allow an adversary to conduct a directory traversal attack and gain access to private data. In addition to the macOS version of Shortcuts, there is also an iOS version of the app for mobile devices. To prevent threat actors from infiltrating the corporate network via vulnerable mobile apps, companies should protect their apps against reverse engineering. This can be done with solutions such as PT MAZE, which turns the application into an impenetrable maze, making attacks too resource-intensive for adversaries. [1] A macro is a pre-programmed sequence of actions defined by the user. [2] A backdoor is a type of malware that allows unauthorized access to data or enables remote control of the compromised system. Typically, an attacker installs a backdoor on a target system for future access. [3] Ransomware is a type of malware that encrypts a victim's files or locks them out of their computer system, giving the attacker control over any personal information stored on the compromised device. The attacker can then demand a ransom, threatening to leave the files or system inaccessible to the victim or to disclose confidential data if the ransom is not paid.
TECHx
23-06-2025
- TECHx
Critical macOS Shortcuts Flaw Reported by PT SWARM Expert
Home » Emerging technologies » Cyber Security » Critical macOS Shortcuts Flaw Reported by PT SWARM Expert PT SWARM expert Egor Filatov has discovered a critical vulnerability in Shortcuts, a built-in Critical macOS app used to automate user actions. The flaw, if exploited, could give an attacker full control over a device. Positive Technologies revealed that the vulnerability is tracked as BDU:2025-02497 and carries a severity score of 8.6 out of 10 on the CVSS 3.0 scale. It affects Shortcuts version 7.0 (2607.1.3). The app has been part of macOS since Monterey, and is also supported in Ventura, Sonoma, and Sequoia. If a compromised device is connected to a corporate network, attackers could infiltrate the internal infrastructure. Filatov warned that it would be enough for a victim to run a malicious macro unknowingly. Positive Technologies reported that the vendor was notified in line with responsible disclosure policies. A patch has already been issued. Users are advised to upgrade to macOS Sequoia 15.5 or later. If an OS update is not possible, users should avoid downloading unknown shortcuts or using the app altogether. According to the report, possible consequences of exploitation include: Theft or deletion of sensitive data Remote malware installation and ransomware attacks Business disruption in corporate environments The company emphasized that threat actors could upload infected shortcut templates to the app's library. Before the patch, the flaw could be used to bypass macOS security and execute arbitrary code. Positive Technologies has a long track record of studying Apple products. In 2018, its researchers discovered a firmware flaw in Intel Management Engine that affected Apple computers. In 2017, vulnerabilities in Apple Pay were reported, allowing unauthorized transactions. The Shortcuts app is also available on iOS. To prevent threats on mobile, companies are advised to use solutions like PT MAZE. It protects apps by making reverse engineering difficult and costly for attackers.
Forbes
18-06-2025
- Forbes
Google Chrome Warning—Do Not Ignore 7 Day Update Deadline
New Chrome warning for 2 billion users. New warnings have been issued for Chrome's 3 billion users, emphasizing the need to keep browsers updated at all times. Google has just issued a new update, which fixes two high-severity vulnerabilities and should be installed right away. More critically, an ongoing update mandate deadline in now just 7 days away. America's cyber defense agency warns Chrome 'contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.' CISA says update before June 26 or stop using Chrome. The formal mandate applies just to federal employees, but CISA operates 'for the benefit of the cybersecurity community and network defenders — and to help every organization better manage vulnerabilities and keep pace with threat activity.' That means all organizations should take note of this deadline and adhere if possible. That should be evident anyway, but a new warning has just detailed exploitation of a Google Chrome zero-day disclosed earlier this year. Kaspersky discovered 'a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers' website was opened using the Google Chrome web browser.' Now, Positive Technologies says its Threat Intelligence Department 'analyzed an attack that exploited [this] zero-day vulnerability (sandbox escape)' dating back to 2024. As I warned when CVE-2025-2783 was first disclosed, Google quickly released an emergency update and then CISA issued a 21-day update mandate. The current CISA update mandate is for CVE-2025-5419, which is also an 'out-of-bounds read and write in V8,' a similar memory issue to the integer overflow and use after free vulnerabilities patched this week, albeit those do not have known exploits as yet. We're two weeks into CISA's mandate, and so this is the period of maximum risk. Ensure your browsers are updated — which means restarting when it downloads. While home users should adhere to CISA warnings, it's more critical for enterprises likely to come under attack from sophisticated phishing campaigns exploiting these vulnerabilities. Remember, once the flaw is made public, it's a race against time for attackers to use it or lose it when browsers are patched. Do that right away.
