CISA, the Cybersecurity and Infrastructure Security Agency, has updated its Known Exploited Vulnerabilities Catalog by adding three new vulnerabilities that have been actively exploited.
The vulnerabilities, identified as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, are related to Apple’s Multiple Products WebKit and include a sandbox escape vulnerability, an out-of-bounds read vulnerability, and a use-after-free vulnerability. These types of vulnerabilities are frequently targeted by cybercriminals and pose significant risks to government networks and the federal enterprise.
Furthermore, the Known Exploited Vulnerabilities Catalog was established through the Binding Operational Directive (BOD) 22-01, which aims to reduce the significant risks posed by known vulnerabilities. This living catalog contains Common Vulnerabilities and Exposures (CVEs) that carry substantial risks to the federal enterprise.
Additionally, the BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due dates to protect their networks from active threats.
While the BOD 22-01 is applicable only to FCEB agencies, CISA strongly advises all organizations to prioritize the timely remediation of vulnerabilities listed in the catalog to reduce their exposure to cyberattacks.
By actively managing and addressing these vulnerabilities, organizations can enhance their overall vulnerability management practices and protect their networks from potential exploits. CISA will continue to update the catalog by including vulnerabilities that meet the specified criteria, keeping organizations informed about the latest security risks.
