Breaking News

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

CISA has added nine flaws to its Known Exploited Vulnerabilities catalog, including bugs exploited by commercial spyware on mobile devices.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Five of the issues added by CISA to its catalog are part of the exploits used by surveillance vendors to target mobile devices with their commercial spyware:

  • CVE-2021-30900 – Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability.
  • CVE-2022-38181 – Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
  • CVE-2023-0266 – Linux Kernel Use-After-Free Vulnerability
  • CVE-2022-3038 – Google Chrome Use-After-Free Vulnerability
  • CVE-2022-22706 – Arm Mali GPU Kernel Driver Unspecified Vulnerability

The decision to add the flaws to the catalog is the response of the agency to a recent report published by Google’s Threat Analysis Group (TAG) that shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. The experts pointed out that both campaigns were limited and highly targeted. The threat actors behind the attacks used both zero-day and n-day exploits in their exploits.

The exploits were used to install commercial spyware and malicious apps on targets’ devices.

Google TAG shared indicators of compromise (IoCs) for both campaigns.

The remaining flaws added to the catalog are:

  • CVE-2013-3163 – Microsoft Internet Explorer Memory Corruption Vulnerability
  • CVE-2017-7494 – Samba Remote Code Execution Vulnerability
  • CVE-2022-42948 – Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability
  • CVE-2022-39197 – Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this flaw by April 20, 2023.

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

  • The Teacher – Most Educational Blog
  • The Entertainer – Most Entertaining Blog
  • The Tech Whizz – Best Technical Blog
  • Best Social Media Account to Follow (@securityaffairs)

You can nominate yourself or your favourite blogger.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Security Affairs Malware newsletter includes a collection of the best articles and research on malware…

19 hours ago

Security Affairs newsletter Round 524 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles…

19 hours ago

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

Chinese "kill switches" found in Chinese-made power inverters in US solar farm equipment that could…

22 hours ago

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

FBI warns ex-officials are targeted with deepfake texts and AI voice messages impersonating senior U.S.…

2 days ago

Shields up US retailers. Scattered Spider threat actors can target them

Google warns that the cybercrime group Scattered Spider behind UK retailer attacks is now targeting…

2 days ago

U.S. CISA adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog<gwmw style="display:none;"></gwmw>

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium, DrayTek routers, and SAP NetWeaver…

2 days ago