Tuesday, January 14, 2025
HomeAppleCritical OpenSSH “regreSSHion” Vulnerability Impacted macOS  Systems, Patch Now

Critical OpenSSH “regreSSHion” Vulnerability Impacted macOS  Systems, Patch Now

Published on

A serious flaw in OpenSSH servers, dubbed “regreSSHion,” affects macOS systems and could allow a remote attacker to execute arbitrary code.

A few weeks ago, Qualys’ threat research unit discovered this vulnerability, which has been identified as regreSSHion and tracked as CVE-2024-6387

It was found that on glibc-based Linux systems, the vulnerability—a signal handler race condition in OpenSSH’s server, sshd—allows unauthenticated remote code execution (RCE) as root.

Today, Apple acknowledged that this significant vulnerability also impacts macOS systems.

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

Overview Of The Vulnerability

With a CVSS base score of 8.1, this high severity vulnerability in sshd was discovered in Portable OpenSSH versions 8.5p1 to 9.7p1.

Researchers say, in its default configuration, sshd is impacted by this race condition.

The cybersecurity company claimed to have found at least 14 million potentially dangerous OpenSSH server instances over the internet. 

It further stated that the issue is a recurrence of an 18-year-old vulnerability, tracked as CVE-2006-5051, fixed and reintroduced in OpenSSH version 8.5p1 in October 2020.

“Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept”, OpenSSH said in its advisory.

Successful exploitation of the vulnerability leads to a complete system compromise and takeover, allowing threat actors to execute arbitrary code. 

Apple announced today that this serious issue also affects impacted systems and recommended users patch it right away.

Impacted Systems

It is recommended that all affected systems be updated to the most recent versions of macOS Monterey 12.7.6, macOS Ventura 13.6.8, and macOS Sonoma 14.6.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details

A critical flaw in Google's "Sign in with Google" authentication system has left millions...

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details

A critical flaw in Google's "Sign in with Google" authentication system has left millions...

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...