The Cybersecurity and Infrastructure Security Agency (CISA) has taken action to address critical cybersecurity threats by adding two newly discovered vulnerabilities to its Known Exploited Vulnerabilities Catalog.
Furthermore, these vulnerabilities, identified as CVE-2023-41064 and CVE-2023-41061, affect Apple iOS, iPadOS, macOS, and watchOS systems. They are known to pose significant risks as they are frequently targeted by malicious cyber actors. These additions aim to raise awareness of these vulnerabilities and prompt organizations to take proactive measures to protect their systems.
Additionally, the Known Exploited Vulnerabilities Catalog was established under Binding Operational Directive (BOD) 22-01, which is designed to mitigate known vulnerabilities that present substantial risks to the federal enterprise.
While BOD 22-01 primarily applies to Federal Civilian Executive Branch (FCEB) agencies, CISA strongly advises all organizations to prioritize the timely remediation of vulnerabilities listed in the catalog. This proactive approach helps reduce exposure to cyberattacks and enhances overall cybersecurity resilience. CISA also commits to continuously updating the catalog as new vulnerabilities meeting the specified criteria are identified.
In a cybersecurity landscape where threats are constantly evolving, the timely identification and mitigation of known vulnerabilities are crucial to safeguarding critical systems and data. CISA’s efforts in expanding the Known Exploited Vulnerabilities Catalog serve as a valuable resource for organizations looking to stay ahead of cyber threats and protect their digital assets.