CISA Adds 6 Vulnerabilities: Apple Also on Attack List

CISA Adds 6 Vulnerabilities: Apple Also on Attack List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

This includes a high-severity security vulnerability, CVE-2023-27524 (CVSS score: 8.9), affecting Apache Superset, an open-source data visualization software, allowing remote code execution. The details of this issue first surfaced in April 2023, described by Naveen Sunkavally from as “a dangerous default configuration in Apache Superset that allows an unauthenticated attacker to execute remote code, gather credentials, and jeopardize data.”

Currently, it is unknown how this security vulnerability is being exploited. Additionally, CISA has added five more flaws:

• CVE-2023-38203 (CVSS score: 9.8) – Insecure Deserialization Vulnerability in Adobe ColdFusion

• CVE-2023-29300 (CVSS score: 9.8) – Insecure Deserialization Vulnerability in Adobe ColdFusion

• CVE-2023-41990 (CVSS score: 7.8) – Multiple Product Code Execution Vulnerability in Apple

• CVE-2016-20017 (CVSS score: 9.8) – Command Injection Vulnerability in D-Link DSL-2750B Devices

• CVE-2023-23752 (CVSS score: 5.3) – Inappropriate Access Control Vulnerability in Joomla!

CVE-2023-41990, patched by Apple in iOS 15.7.8 and iOS 16.3, is being used by unknown actors as part of Triada Operation spyware attacks to enable remote code execution while processing a specially crafted iMessage PDF attachment.

The Federal Civilian Executive Branch (FCEB) agencies are advised to apply fixes for the above-mentioned vulnerabilities by January 29, 2024, to protect their networks against active threats.

Mert Doğukan is an experienced C-level executive, CISO, specialized in information security and risk management. With strong leadership qualities and strategic vision, he plays a crucial role in protecting and ensuring the security of the company's information assets. He demonstrates top-level performance in developing, implementing, and auditing corporate-level information security strategies. Additionally, he closely monitors technological advancements to continuously update and enhance the company's cybersecurity infrastructure.

Related Posts