Pattern Micro on Tuesday launched an advisory to warn prospects {that a} crucial vulnerability affecting Apex One and different endpoint security merchandise has been exploited within the wild.
The zero-day flaw, tracked as CVE-2023-41179, impacts Apex One, Apex One SaaS, and Fear-Free Enterprise Safety merchandise.
The vulnerability, associated to the merchandise’ means to uninstall third-party security software program, may be exploited for arbitrary code execution.
“To take advantage of this vulnerability, an attacker would want to have the ability to log into the product’s administrative console. As a result of an attacker would want to have stolen the product’s administration console authentication info prematurely, they might not be capable of infiltrate the goal community utilizing this vulnerability alone,” Pattern Micro famous in a Japanese-language advisory.
It added, “Pattern Micro has confirmed that this vulnerability has been utilized in precise assaults. We suggest updating to the newest model as quickly as potential.”
Patches have been launched for every of the impacted merchandise.
Pattern Micro usually doesn’t share details about the assaults exploiting vulnerabilities present in its merchandise.
Nonetheless, there have been a couple of situations the place some info has come to gentle, together with attribution to Chinese language risk actors and the potential exploitation of a flaw in an assault concentrating on Mitsubishi Electrical.
A number of Pattern Micro product vulnerabilities have been exploited in assaults up to now few years. CISA presently lists 9 such flaws in its Identified Exploited Vulnerabilities Catalog. The newest zero-day has but to be added.
