MUST READ

Google addressed two Android flaws actively exploited in targeted attacks

 | 

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

 | 

Android droppers evolved into versatile tools to spread malware

 | 

Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft

 | 

Cloudflare blocked a record 11.5 Tbps DDoS attack

 | 

Palo Alto Networks disclose a data breach linked to Salesloft Drift incident

 | 

Von der Leyen’s plane hit by suspected Russian GPS Jamming in Bulgaria, landed Safely

 | 

Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info

 | 

Crooks exploit Meta malvertising to target Android users with Brokewell

 | 

North Korea’s APT37 deploys RokRAT in new phishing campaign against academics

 | 

Fraudster stole over $1.5 million from city of Baltimore

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 60

 | 

Security Affairs newsletter Round 539 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Amazon blocks APT29 campaign targeting Microsoft device code authentication

 | 

Lab Dookhtegan hacking group disrupts communications on dozens of Iranian ships

 | 

New zero-click exploit allegedly used to hack WhatsApp users

 | 

US and Dutch Police dismantle VerifTools fake ID marketplace

 | 

Experts warn of actively exploited FreePBX zero-day

 | 

Google: Salesloft Drift breach hits all integrations

 | 

Dutch intelligence warn that China-linked APT Salt Typhoon targeted local critical infrastructure

 | 

U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini November 22, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:

  • CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability
  • CVE-2024-44309 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability
  • CVE-2024-21287 Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability

This week, Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS, macOS, visionOS, and Safari web browser, which are actively exploited in the wild.

The vulnerability CVE-2024-44309 is a cookie management issue in WebKit that could lead to a cross-site scripting (XSS) attack when processing malicious web content.

“Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.” reads the advisory.

Apple addressed the cookie management issue with improved state management.

The vulnerability CVE-2024-44308 impacts the JavaScriptCore and could lead to arbitrary code execution when processing malicious web content.

“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.” reads the advisory.

The company fixed the issue with improved checks.

The IT giant did not disclose details about the attack or attribute it to specific threat actors.

Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group discovered both vulnerabilities.

Google’s Threat Analysis Group (TAG) focuses on protecting users by monitoring and countering advanced persistent threats (APTs) and cyber-espionage activities, often involving commercial spyware. This suggests that the two flaws may be part of an exploit employed by an advanced threat actor.

The vulnerability CVE-2024-21287 is an incorrect authorization issue in Oracle Agile PLM Framework (version 9.3.6) that allows unauthenticated attackers to access critical or all data via HTTP.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by December 12, 2024.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

CISA Hacking hacking news information security news IT Information Security Known Exploited Vulnerabilities Catalog Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini September 03, 2025
Google addressed two Android flaws actively exploited in targeted attacks
Read more
Pierluigi Paganini September 03, 2025
U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Google addressed two Android flaws actively exploited in targeted attacks

Security / September 03, 2025

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

Hacking / September 03, 2025

Android droppers evolved into versatile tools to spread malware

Malware / September 03, 2025

Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft

Hacking / September 03, 2025

Cloudflare blocked a record 11.5 Tbps DDoS attack

Cyber Crime / September 02, 2025