CISA added CVE-2019-8526 & CVE-2023-2033 to its known exploited vulnerabilities catalog
The two flaws, CVE-2019-8526 and CVE-2023-2033, have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. Inclusion in the catalog indicates that active exploitation of these vulnerabilities has been detected, and federal agencies must act swiftly to secure their systems.
- CVE-2019-8526 (CVSS score of 7.8): Apple macOS Privilege Escalation
The first vulnerability affects Apple’s macOS operating system. It allows a local attacker to obtain elevated privileges by exploiting a use-after-free issue in the Security component. A malicious actor could use a specially crafted application to exploit this vulnerability and gain unauthorized access to sensitive information or tamper with system settings. Apple has addressed this issue with improved memory management, but federal agencies need to ensure they apply the necessary patch to prevent potential exploitation.
- CVE-2023-2033: Google Chrome V8 Code Execution
In response to these threats, FCEB agencies must adhere to the binding operational directive (BOD 22-01) issued in November 2022, mandating the patching of all security bugs listed in CISA’s KEV catalog. With the deadline set for May 8, 2023, federal agencies are in a race against time to secure their systems and protect their digital assets.