CISA adds bugs in Chrome and macOS to its Known Exploited Vulnerabilities catalog

US Cybersecurity and Infrastructure Security Agency (CISA) added Chrome and macOS vulnerabilities to its Known Exploited Vulnerabilities catalog.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog:

  • CVE-2019-8526 – Apple macOS Use-After-Free Vulnerability. The CVE-2019-8526 flaw has been exploited by the DazzleSpy backdoor in watering hole attacks aimed at politically active individuals in Hong Kong. The issue was used to dump iCloud Keychain if the macOS version is lower than 10.14.4.
  • CVE-2023-2033 – Google Chromium V8 Engine Type Confusion Vulnerability. The CVE-2023-2033 flaw is the first Chrome zero-day vulnerability addressed by Google in 2023. The vulnerability was reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-11. Google did not disclose details of the attacks exploiting this vulnerability, it will not provide bug details and links until a majority of users will have updated their installs.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this flaw by May 8, 2023.

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

  • The Teacher – Most Educational Blog
  • The Entertainer – Most Entertaining Blog
  • The Tech Whizz – Best Technical Blog
  • Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

The post CISA adds bugs in Chrome and macOS to its Known Exploited Vulnerabilities catalog appeared first on Security Affairs.