Citrix fixes major security flaws across several services
Flaws allowed for elevation of privilege, potentially giving hackers access to compromised systems
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Citrix released a patch for a number of high-severity vulnerabilities affecting multiple offerings, the company confirmed in a security bulletin earlier this week.
Given the severity of the flaws, the prevalence of the tools in question, and the fact that there are no workarounds and other mitigations, the company said it was pivotal for the affected organizations to apply the fix immediately.
The Us Cybersecurity & Infrastructure Security Agency (CISA) also chimed in, issuing an alert of its own, urging Citrix customers to not stall with the updates, BleepingComputer has found.
Five flaws
There are a total of five vulnerabilities addressed in the patch: CVE-2023-24483 (allows for privilege escalation), CVE-2023-24484 (allows for access to log files otherwise out of reach for regular users), CVE-2023-24485 (allows for privilege escalation), CVE-2023-24486 (allows for session takeover), and CVE-2023-24483 (allows for privilege escalation to NT AUTHORITY\SYSTEM).
This final flaw is the most severe of all, giving potential threat actors a way to execute arbitrary code, obtain important documents, and tweak the targetendpoint’ssystem.
The tools affected by these flaws are Citrix Virtual Apps and Desktops, and the Workspace app, namely these versions:
Citrix urges admins to patch these dangerous flaws immediately>NSA warns Citrix devices are under attack from Chinese hackers, so update now>These are the best malware protections around
“Citrix strongly recommends that customers upgrade to a fixed version as soon as possible,” the company said in its security bulletin.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
As there are no mitigations or workarounds for these flaws, the only way to remain secure is to install the patches, the company added.
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
A new form of macOS malware is being used by devious North Korean hackers
Scammers are using fake copyright infringement claims to hack businesses
Quordle today – hints and answers for Saturday, November 9 (game #1020)
