CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog
The U.S. Cybersecurity and Infrastructure Security Agency on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics.
The development adds weight to the notion that adversaries are getting faster at exploiting newly published vulnerabilities when they are first disclosed, leading to indiscriminate and opportunistic scanning attempts that aim to take advantage of delayed patching.
Other actively exploited flaws were also added to the list.
Another high-severity flaw added to the KEV Catalog is CVE-2021-31010, a deserialization issue in Apple's Core Telephony component that could be leveraged to circumvent sandbox restrictions.
While there were no indications that the flaw was being exploited at the time, the tech giant appears to have silently revised its advisories on May 25, 2022 to add the vulnerability and confirm that it had indeed been abused in attacks.
"Apple was aware of a report that this issue may have been actively exploited at the time of release," the tech giant noted, crediting Citizen Lab and Google Project Zero for the discovery.
News URL
https://thehackernews.com/2022/08/cisa-adds-10-new-known-actively.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-24 | CVE-2021-31010 | Deserialization of Untrusted Data vulnerability in Apple products. A deserialization issue was addressed through improved validation. | 7.5 |