The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities catalog with six additional vulnerabilities that affect products from Apple, Adobe, Apache, D-Link, and Joomla. The Known Exploited Vulnerabilities catalog, also known as KEV, contains security flaws that are being actively exploited by cybercriminals, making it a crucial resource for organizations worldwide in their vulnerability management and prioritization process.
CISA's notice states, "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise." Under Binding Operational Directive 22-01, which governs the KEV catalog, federal civilian agencies must either patch these actively exploited vulnerabilities or discontinue use of the affected products by the due date CISA assigns, in this case January 29.
The six vulnerabilities added this time include CVE-2023-27524 (Apache Superset), CVE-2023-29300 and CVE-2023-38203 (Adobe ColdFusion), and CVE-2023-41990 (Apple). Some of these flaws were used in attacks that came to light only recently. CVE-2023-41990, for instance, was exploited in the 'Operation Triangulation' campaign, which has been active since 2019 but was detected only in June 2023 by Kaspersky, after devices belonging to some of its own researchers were infected.
CVE-2023-41990 is the last of the four vulnerabilities chained in that campaign's exploit to be added to the catalog; the threat actor used them to bypass security protections on iPhones belonging to targets around the world, including in Europe. The two ColdFusion flaws, CVE-2023-38203 and CVE-2023-29300, have been exploited since mid-2023, after security researchers showed that the vendor's initial patch could be bypassed. CVE-2023-27524, an insecure default configuration in Apache Superset, saw proof-of-concept (PoC) exploits published last September, which opened the door to widespread exploitation.
CISA is urging organizations and federal agencies to inspect their assets for these and other vulnerabilities listed in the KEV catalog and to implement the necessary security updates or mitigation measures.
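The practical step behind that advice is to cross-reference whatever CVE list your scanner or SBOM tooling produces against the KEV feed and work the hits by CISA due date. The script below is an added example, not code from the article or from CISA: it indexes a catalog in the feed's JSON shape, matches it against a constructed asset inventory, and orders the hits by days remaining until the due date. The embedded catalog sample is constructed for the example (the year on the due date and the `dateAdded` values are assumptions); `fetch_kev()` pulls the live feed from CISA's published URL when network access is available.

```python
"""Cross-reference an asset inventory against the CISA KEV catalog.

Added example, not from the article or from CISA. KEV_SAMPLE is a constructed
catalog excerpt that mirrors the public feed's JSON schema; KEV_FEED_URL is
the real feed location and fetch_kev() retrieves it (network required).
"""
import json
import urllib.request
from datetime import date

KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the shape of the real feed (subset of fields).
# Dates are placeholders chosen for the example, not copied from the catalog.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2023-41990", "vendorProject": "Apple", "product": "Multiple Products",
         "dateAdded": "2024-01-08", "dueDate": "2024-01-29", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-27524", "vendorProject": "Apache", "product": "Superset",
         "dateAdded": "2024-01-08", "dueDate": "2024-01-29", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-38203", "vendorProject": "Adobe", "product": "ColdFusion",
         "dateAdded": "2024-01-08", "dueDate": "2024-01-29", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-29300", "vendorProject": "Adobe", "product": "ColdFusion",
         "dateAdded": "2024-01-08", "dueDate": "2024-01-29", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory: host -> CVEs reported by a scanner or SBOM tool.
INVENTORY = {
    "cf-prod-01": ["CVE-2023-29300", "CVE-2023-38203", "CVE-2022-0001"],
    "superset-01": ["cve-2023-27524"],          # lower case on purpose
    "mdm-iphones": ["CVE-2023-41990"],
    "build-agent": ["CVE-2021-44228"],          # not in the sample catalog
}


def fetch_kev(url=KEV_FEED_URL, timeout=30):
    """Download the live catalog as JSON text (network required)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def load_kev(json_text):
    """Index catalog entries by CVE ID, normalised to upper case."""
    data = json.loads(json_text)
    return {v["cveID"].upper(): v for v in data["vulnerabilities"]}


def match_inventory(inventory, kev, today):
    """Return KEV hits per host, most overdue first.

    `today` may be a date or an ISO string. Each hit carries days_left,
    negative once the due date has passed, so the list doubles as a
    remediation queue.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    hits = []
    for host, cves in inventory.items():
        for cve in cves:
            entry = kev.get(cve.upper())
            if entry is None:
                continue                     # not in KEV: lower priority
            due = date.fromisoformat(entry["dueDate"])
            hits.append({
                "host": host,
                "cve": entry["cveID"],
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": due.isoformat(),
                "days_left": (due - today).days,
                "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
            })
    hits.sort(key=lambda h: (h["days_left"], h["host"], h["cve"]))
    return hits


def summarize(hits):
    """Count hits and how many are already past their CISA due date."""
    overdue = sum(1 for h in hits if h["days_left"] < 0)
    return {"total": len(hits), "overdue": overdue}


if __name__ == "__main__":
    catalog = load_kev(KEV_SAMPLE)           # swap in fetch_kev() for the live feed
    results = match_inventory(INVENTORY, catalog, "2024-01-15")
    for h in results:
        print(f'{h["host"]:<12} {h["cve"]:<16} {h["product"]:<24} '
              f'due {h["due"]} ({h["days_left"]:+d} d) ransomware={h["ransomware"]}')
    print(summarize(results))
```

Normalising CVE IDs matters because scanner output and the feed do not always agree on case, and the `knownRansomwareCampaignUse` field is worth carrying through since it is the second prioritisation signal CISA publishes alongside the due date.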