Vulnerabilities in custom Apex code give attackers a way to probe Salesforce orgs for weak spots, reach confidential data they were never granted, and change records they should not be able to touch. Apex is Salesforce's strongly typed, Java-like programming language for customizing the platform: it implements business logic, controls database transactions, and runs in response to system events through triggers.
Recently, cybersecurity researchers at Varonis Threat Labs uncovered serious Apex vulnerabilities in several Fortune 500 companies and government agencies. These vulnerabilities were deemed to be of high and critical severity, prompting the researchers to alert the affected organizations immediately.
One of the main sources of trouble is the sharing mode an Apex class declares. A class declared ‘without sharing’ runs in system context: sharing rules are ignored, so it can read and modify any record regardless of what the running user is allowed to see. A class declared ‘with sharing’ respects record-level sharing rules, but neither mode enforces object-level (CRUD) or field-level (FLS) permissions unless the code checks them explicitly. A class with no declaration at all inherits the mode of its caller and, when it is itself the entry point, runs without sharing.
Running Apex classes in ‘without sharing’ mode is risky on its own, and it also magnifies the impact of ordinary coding bugs such as SOQL injection, where user input is concatenated into a dynamic query: an injected clause then executes with unrestricted data access. Varonis stressed that the exposure is greatest when such classes can be reached by external users or Experience Cloud guest users, who can then read or alter data they were never meant to touch.
In a live simulation, the researchers showed how an attacker could use these flaws to reach sensitive fields such as phone or Social Security numbers. Even where a developer added a custom guard, such as a ‘VerySecretFlag__c’ field meant to mark records as off-limits, a flaw in the Apex code that applies the check can still be exploited to pull the restricted records.
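The pattern described above, as a constructed example added here (it is not the code Varonis analysed, and the custom fields Contact.VerySecretFlag__c and Contact.SSN__c are assumptions): a ‘without sharing’ class exposed to Lightning components that builds its SOQL by string concatenation, followed by a test class showing how a crafted search string neutralises the flag filter.

```apex
// Added example, not from the Varonis write-up. Assumed custom fields:
// Contact.VerySecretFlag__c (Checkbox) and Contact.SSN__c (Text).
// --- file ContactLookupController.cls ---
public without sharing class ContactLookupController {

    // @AuraEnabled makes this callable from Lightning components; on an
    // Experience Cloud site the caller may be an unauthenticated guest user.
    @AuraEnabled(cacheable=true)
    public static List<Contact> findByName(String nameFragment) {
        // Intended rule: never return records flagged as secret.
        // Defect 1: nameFragment is concatenated straight into the query text.
        // Defect 2: 'without sharing' means no sharing rule limits the rows,
        //           and Database.query applies no CRUD/FLS check either.
        String soql = 'SELECT Id, Name, Phone, SSN__c FROM Contact '
                    + 'WHERE VerySecretFlag__c = false '
                    + 'AND Name LIKE \'%' + nameFragment + '%\'';
        return Database.query(soql);
    }
}

// --- file ContactLookupController_InjectionTest.cls ---
@IsTest
private class ContactLookupController_InjectionTest {
    @IsTest
    static void craftedFragmentBypassesSecretFilter() {
        // Constructed test data: one public contact, one flagged as secret.
        insert new List<Contact>{
            new Contact(LastName = 'Public', VerySecretFlag__c = false),
            new Contact(LastName = 'Hidden', VerySecretFlag__c = true, SSN__c = '000-00-0000')
        };
        // Constructed payload: closes the LIKE literal, then ORs the flagged
        // records back in. The assembled query becomes
        //   ... WHERE VerySecretFlag__c = false AND Name LIKE '%%'
        //       OR VerySecretFlag__c = true OR Name LIKE '%%'
        // and AND binds tighter than OR, so every contact matches.
        String payload = '%\' OR VerySecretFlag__c = true OR Name LIKE \'%';

        List<Contact> rows = ContactLookupController.findByName(payload);

        Set<String> names = new Set<String>();
        for (Contact c : rows) names.add(c.LastName);
        // The "secret" record comes back despite the VerySecretFlag__c filter.
        System.assert(names.contains('Hidden'), 'flagged record leaked: ' + rows);
    }
}
```

The test runs as the test user, so it demonstrates only the injection; in production the class's ‘without sharing’ declaration additionally means the leaked rows are not limited by any sharing rule that applies to the caller.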
To address these vulnerabilities, organizations should review their Apex classes, starting with those declared ‘without sharing’ and those with no sharing declaration at all, and confirm that each one applies the access checks its callers need. Profiles and Permission Sets should also be examined to see which users, including guest users, are granted access to those classes.
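One way to run that review, as an added audit script that is not from the article: anonymous Apex executed by an administrator (for example from the Developer Console) that flags local classes declared without sharing or with no sharing declaration, marks the ones carrying externally callable annotations, and lists the permission sets and profiles that grant access to them. It assumes the standard SetupEntityAccess and PermissionSet objects, and its regex checks are heuristic: a sharing keyword inside a comment will also match, so treat hits as leads to read, not verdicts.

```apex
// Added audit script (anonymous Apex, run as an administrator). Not from the
// article. Heuristic: regexes inspect class source text, so keywords in
// comments also match. Very large orgs may need to page ApexClass with LIMIT
// and OFFSET to stay inside the synchronous heap limit.
Pattern withoutSharing = Pattern.compile('(?i)\\bwithout\\s+sharing\\b');
Pattern anySharing     = Pattern.compile('(?i)\\b(with|without|inherited)\\s+sharing\\b');
// Markers that make a class reachable from outside the Apex runtime.
Pattern exposed = Pattern.compile(
    '(?i)@AuraEnabled|@RemoteAction|@RestResource|\\bwebservice\\b|\\bglobal\\b');

Map<Id, String> verdict = new Map<Id, String>();
Map<Id, String> names   = new Map<Id, String>();
// Managed-package classes have no readable Body, so restrict to local code.
for (ApexClass c : [SELECT Id, Name, Body FROM ApexClass WHERE NamespacePrefix = null]) {
    String why;
    if (withoutSharing.matcher(c.Body).find()) {
        why = 'declared without sharing';
    } else if (!anySharing.matcher(c.Body).find()) {
        why = 'no sharing declaration (system mode when used as entry point)';
    }
    if (why == null) continue;
    if (exposed.matcher(c.Body).find()) why += ', externally callable';
    verdict.put(c.Id, why);
    names.put(c.Id, c.Name);
}

// Which permission sets and profiles grant access to those classes?
// SetupEntityAccess links an Apex class to a permission set; a profile's
// class access lives in its profile-owned permission set.
Map<Id, List<String>> grantedTo = new Map<Id, List<String>>();
for (SetupEntityAccess sea : [
        SELECT SetupEntityId, Parent.Name, Parent.IsOwnedByProfile,
               Parent.Profile.Name, Parent.Profile.UserType
        FROM SetupEntityAccess
        WHERE SetupEntityType = 'ApexClass' AND SetupEntityId IN :verdict.keySet()]) {
    String grantee = sea.Parent.IsOwnedByProfile
        ? 'Profile ' + sea.Parent.Profile.Name
          + (sea.Parent.Profile.UserType == 'Guest' ? ' [GUEST]' : '')
        : 'PermSet ' + sea.Parent.Name;
    if (!grantedTo.containsKey(sea.SetupEntityId)) {
        grantedTo.put(sea.SetupEntityId, new List<String>());
    }
    grantedTo.get(sea.SetupEntityId).add(grantee);
}

// One line per flagged class: why it was flagged and who can call it.
for (Id classId : verdict.keySet()) {
    String access = grantedTo.containsKey(classId)
        ? String.join(grantedTo.get(classId), ', ')
        : '(no profile or permission set grants access)';
    System.debug(names.get(classId) + ' -> ' + verdict.get(classId) + ' | access: ' + access);
}
```

Classes that show up as ‘externally callable’ and granted to a profile tagged [GUEST] are the ones to read first, since those are reachable by unauthenticated visitors of an Experience Cloud site.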
Monitoring Apex execution with Event Monitoring, and adopting safe coding practices such as passing user input into SOQL through bind variables (the ‘:variableName’ syntax) instead of string concatenation, which prevents injection, strengthen defences further. Adding ‘WITH SECURITY_ENFORCED’ to a query makes it fail if the running user lacks object- or field-level permission on anything it selects, rather than silently returning the data; note that this clause covers only the query, so DML statements need their own check, for example Security.stripInaccessible.
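The hardened form of the same constructed lookup class, added here as an example (not the article's or Varonis's code, with the same assumed custom fields Contact.VerySecretFlag__c and Contact.SSN__c): ‘with sharing’, a bind variable instead of concatenation, ‘WITH SECURITY_ENFORCED’ on the static query, a bind map with AccessLevel.USER_MODE for the case where the query genuinely has to be dynamic, and Security.stripInaccessible before DML.

```apex
// Added example: hardened version of the constructed lookup class. Not from
// the article. Assumed custom fields: Contact.VerySecretFlag__c, Contact.SSN__c.
public with sharing class ContactLookupController {

    @AuraEnabled(cacheable=true)
    public static List<Contact> findByName(String nameFragment) {
        // Bind variable: the value reaches the query engine separately and is
        // only ever compared, never parsed as SOQL. The injection payload from
        // the vulnerable version now just searches for that literal text.
        String pattern = '%' + nameFragment + '%';
        // WITH SECURITY_ENFORCED throws System.QueryException if the running
        // user lacks read access to Contact or to any selected field (SSN__c),
        // instead of silently returning data the user cannot see in the UI.
        return [SELECT Id, Name, Phone, SSN__c
                FROM Contact
                WHERE VerySecretFlag__c = false AND Name LIKE :pattern
                WITH SECURITY_ENFORCED];
    }

    // When the query must be dynamic (optional filters), keep the query text
    // fixed and pass values through a bind map. AccessLevel.USER_MODE applies
    // the caller's sharing rules and CRUD/FLS to the dynamic query.
    @AuraEnabled(cacheable=true)
    public static List<Contact> search(String nameFragment, String accountId) {
        Map<String, Object> binds = new Map<String, Object>{
            'pattern' => '%' + nameFragment + '%'
        };
        String soql = 'SELECT Id, Name, Phone FROM Contact '
                    + 'WHERE VerySecretFlag__c = false AND Name LIKE :pattern';
        if (String.isNotBlank(accountId)) {
            // The Id cast throws on malformed input, so only a real Id is bound.
            binds.put('acct', (Id) accountId);
            soql += ' AND AccountId = :acct';
        }
        return Database.queryWithBinds(soql, binds, AccessLevel.USER_MODE);
    }

    // DML is not covered by the query clauses above: strip any field the user
    // may not update before writing, so a caller cannot flip VerySecretFlag__c
    // by sending extra fields to the component.
    @AuraEnabled
    public static void updatePhone(Id contactId, String phone) {
        Contact c = new Contact(Id = contactId, Phone = phone);
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.UPDATABLE, new List<Contact>{ c });
        update decision.getRecords();
    }
}
```

‘WITH USER_MODE’ is the newer alternative to ‘WITH SECURITY_ENFORCED’ in static SOQL and also applies sharing; the two clauses cannot be combined in one query. Guest users on an Experience Cloud site still need guest-user sharing rules to see any records at all once the class runs ‘with sharing’, which is the intended effect.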
By staying proactive and implementing these measures, organizations can mitigate the risks associated with Apex vulnerabilities and ensure the protection of sensitive data.