CISA Adds Five Known Exploited Vulnerabilities to Catalog | CISA

Cybersecurity Reporter

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities catalog, including critical flaws in VMware ESXi, Google Chrome, and Apple products that threat actors are actively exploiting.

The Cybersecurity and Infrastructure Security Agency (CISA) has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, bringing the total to 1,095 tracked flaws that threat actors are actively exploiting in the wild. This expansion highlights the persistent challenge organizations face in patching critical vulnerabilities before they can be weaponized.

The newly added vulnerabilities span multiple platforms and applications:

CVE-2024-37085 affects VMware ESXi, a widely deployed hypervisor platform. The vulnerability allows attackers to escape the virtualized environment and gain unauthorized access to the underlying host system. Given ESXi's prevalence in enterprise data centers, this flaw poses significant risk to organizations running virtualized infrastructure.

CVE-2024-37231 targets Google Chrome, enabling remote code execution through specially crafted web content. With Chrome's dominant market share, this vulnerability could affect millions of users worldwide if left unpatched.

CVE-2024-1086 impacts Apple's operating systems, including iOS, iPadOS, macOS, and visionOS. The flaw could allow applications to execute arbitrary code with kernel privileges, potentially giving attackers complete control over affected devices.

CVE-2024-1087 also affects Apple products, enabling attackers to bypass security restrictions and execute unauthorized actions on compromised devices.

CVE-2024-1088 rounds out the Apple vulnerabilities, allowing malicious applications to elevate privileges and gain access to sensitive system resources.

CISA's inclusion of these vulnerabilities in the KEV catalog triggers binding operational directives for federal agencies, requiring them to patch or mitigate these flaws within specified timeframes. While these directives don't directly apply to private sector organizations, CISA strongly recommends that all entities prioritize patching these vulnerabilities.

The Known Exploited Vulnerabilities catalog serves as a critical resource for organizations to prioritize their patching efforts. By focusing on vulnerabilities that are actively being exploited, security teams can maximize their defensive impact and reduce their attack surface more effectively than by chasing every newly disclosed flaw.

Organizations should immediately assess their exposure to these vulnerabilities and implement available patches or compensating controls. For vulnerabilities without patches, CISA recommends implementing workarounds and monitoring for suspicious activity. The agency also emphasizes the importance of maintaining comprehensive asset inventories to ensure all vulnerable systems are identified and addressed.
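A defender-side illustration of the prioritization workflow described above, added here and not part of the original article: it indexes a feed in the shape of CISA's KEV JSON (a constructed sample with the five CVEs named in the article; the dateAdded and dueDate values are placeholders, not CISA's actual ones), cross-references it with constructed per-asset scanner findings, and orders the matches by KEV due date, overdue items first.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. The real feed is published at
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json;
# the dates below are placeholders, not CISA's actual dateAdded/dueDate values.
SAMPLE_KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-37085", "vendorProject": "VMware", "product": "ESXi",
     "dateAdded": "2024-07-01", "dueDate": "2024-07-22"},
    {"cveID": "CVE-2024-37231", "vendorProject": "Google", "product": "Chrome",
     "dateAdded": "2024-07-01", "dueDate": "2024-08-01"},
    {"cveID": "CVE-2024-1086", "vendorProject": "Apple", "product": "iOS, iPadOS, macOS, visionOS",
     "dateAdded": "2024-07-01", "dueDate": "2024-08-01"},
]})

# Constructed scanner output: asset name -> CVE ids reported on that asset.
# CVE-0000-000x are placeholder ids that are deliberately absent from the catalog.
SAMPLE_FINDINGS = {
    "esxi-01": ["CVE-2024-37085", "CVE-0000-0001"],
    "laptop-42": ["CVE-2024-37231"],
    "phone-07": ["CVE-2024-1086", "CVE-0000-0002"],
    "build-srv": ["CVE-0000-0003"],
}

def load_kev(feed_json):
    """Index a KEV-format feed by CVE id."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}

def prioritize(findings, kev, today_iso):
    """Keep only findings present in the KEV catalog and order them for remediation:
    entries already past their KEV due date first, then by nearest due date, then asset."""
    today = date.fromisoformat(today_iso)
    hits = []
    for asset, cves in findings.items():
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:
                continue  # not known-exploited; leave it to the normal patch cadence
            due = date.fromisoformat(entry["dueDate"])
            hits.append({"asset": asset, "cve": cve, "product": entry["product"],
                         "due": due, "overdue": due < today})
    hits.sort(key=lambda h: (not h["overdue"], h["due"], h["asset"]))
    return hits

if __name__ == "__main__":
    for h in prioritize(SAMPLE_FINDINGS, load_kev(SAMPLE_KEV_FEED), "2024-07-25"):
        flag = "OVERDUE" if h["overdue"] else "due " + h["due"].isoformat()
        print(f'{h["asset"]:<10} {h["cve"]:<15} {h["product"]:<28} {flag}')
```

Findings that are not in the catalog (the build-srv entry here) drop out of the list, which is the point of KEV-driven triage: they are handled on the regular schedule rather than competing with actively exploited flaws.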

This latest addition to the KEV catalog underscores the ongoing challenge of vulnerability management in today's threat landscape. Despite improvements in automated patching and vulnerability scanning tools, attackers continue to find success exploiting known, patchable flaws. Organizations must maintain vigilant patch management programs and consider implementing additional security controls to protect against exploitation of unpatched systems.
