The Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.
The two vulnerabilities are CVE-2019-8526 (Apple macOS Use-After-Free Vulnerability) and CVE-2023-2033 (Google Chromium V8 Engine Type Confusion Vulnerability). These types of vulnerabilities are frequently used by malicious cyber actors and pose significant risks to the federal enterprise.
The Known Exploited Vulnerabilities Catalog was established through Binding Operational Directive (BOD) 22-01, which requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats.
The catalog is a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to prioritize the timely remediation of catalog vulnerabilities as part of their vulnerability management practice to reduce their exposure to cyberattacks.
Additionally, the agency plans to continue adding vulnerabilities that meet the specified criteria to the catalog.
The addition of these two vulnerabilities to the catalog serves as a reminder for organizations to remain vigilant about their cybersecurity and to regularly update their security measures.
Failure to address known vulnerabilities can leave organizations open to attacks that can cause significant damage to their operations, finances, and reputation.