Remote access tools are one of the most popular ways cybercriminals can compromise endpoints and deliver malware, and another popular service has now been affected.
VMware has released an important update for its Workspace ONE Assist tool, fixing three high-severity flaws that it says are being exploited now.
The flaws are elevation-of-privilege vulnerabilities, allowing threat actors to bypass authentication and log into the app as administrators. They are being tracked as CVE-2022-31685 (authentication bypass), CVE-202231686 (broken authentication method), and CVE-2022-31687 (broken authentication control). All of them have a severity score of 9.8.
Low complexity attacks
According to the company, hackers can abuse the flaws without any interaction from the victim. It described potential attacks as “low-complexity”.
"A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application," VMware said.
That being said, to stay safe from potential disaster, make sure to bring your Workspace ONE Assist to version 22.10 (89993), if you’re a Windows user.
VMware’s cumulative update also fixes a number of other flaws, including CVE-2022-31688 (cross-site scripting flaw), and CVE-2022-31689 (authentication after getting a valid session token flaw).
Cybercriminals often use remote access tools in their attacks, combining them with phishing emails, malicious landing pages, and fraudulent ads, for maximum effect.
The most common type of attack begins with a redirect to a malicious landing page that will warn the victim their computer is infected with viruses, and needs urgent assistance from a professional. Such landing pages provide phone numbers that the victims can call, to get “help”. The fraudsters on the other end of the line would trick the victims into downloading legitimate remote access software, and use it to gain direct control of the target device.
- Here's the rundown of the best firewalls around
Via: BleepingComputer
