CISA adds two actively exploited vulnerabilities to its KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The first is an Android Framework privilege escalation vulnerability, CVE-2023-20963, and the second is an insecure deserialization vulnerability in Novi Survey software, CVE-2023-29492.
According to CISA, the Android Framework flaw allows an attacker to escalate privileges on unpatched Android devices, with no user interaction required. Google has acknowledged indications that the vulnerability may be under limited, targeted exploitation, and the Chinese e-commerce company Pinduoduo is reported to have weaponized the flaw as a zero-day to steal personal data and take control of devices.
The second flaw, an insecure deserialization vulnerability in Novi Survey software, can allow remote attackers to execute arbitrary code on the server in the context of the service account. The issue has been fixed in the current version of the software, but it is still unclear how the vulnerability is being exploited in real-world attacks.
Federal Civilian Executive Branch (FCEB) agencies are required to apply the relevant updates by May 4, 2023, to mitigate the risks posed by the two vulnerabilities. Binding Operational Directive (BOD) 22-01, issued in November 2021, requires that every vulnerability in CISA's KEV catalog be reviewed and remediated on federal civilian networks by its listed due date.
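The KEV catalog is published as a JSON feed, so the BOD 22-01 due-date check can be automated against an asset inventory. The following is an added example, not code from the article or from CISA: it parses two entries laid out in the feed's field names, matches them against a constructed inventory, and reports how many days remain before each due date. The entries, the inventory, and the dateAdded value are constructed for the example; only the CVE IDs, vendor names and the May 4, 2023 due date come from the article.

```python
"""Triage CISA KEV catalog entries against an asset inventory (added example)."""
import json
from datetime import date

# Constructed sample in the layout of the KEV JSON feed, not a real download.
# dateAdded is an assumption; the dueDate is the one stated in the article.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2023-20963",
            "vendorProject": "Android",
            "product": "Framework",
            "vulnerabilityName": "Android Framework Privilege Escalation Vulnerability",
            "dateAdded": "2023-04-13",
            "shortDescription": "Android Framework privilege escalation (constructed text).",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2023-05-04",
        },
        {
            "cveID": "CVE-2023-29492",
            "vendorProject": "Novi Survey",
            "product": "Novi Survey",
            "vulnerabilityName": "Novi Survey Insecure Deserialization Vulnerability",
            "dateAdded": "2023-04-13",
            "shortDescription": "Novi Survey insecure deserialization (constructed text).",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2023-05-04",
        },
    ],
})

# Constructed inventory: (vendorProject, product) pairs deployed in the estate,
# normalised to lower case so they match the feed's own strings.
SAMPLE_INVENTORY = {
    ("android", "framework"): ["fleet-phones"],
    ("microsoft", "exchange server"): ["mail-01"],
}


def load_kev(text):
    """Parse a KEV feed document and return its list of vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def _key(entry):
    """Inventory lookup key: normalised (vendorProject, product)."""
    return (entry["vendorProject"].strip().lower(), entry["product"].strip().lower())


def triage(entries, inventory, today_iso):
    """Return (cveID, assets, days_left) for KEV entries present in the inventory.

    days_left is negative once the BOD 22-01 due date has passed.
    """
    today = date.fromisoformat(today_iso)
    results = []
    for entry in entries:
        assets = inventory.get(_key(entry))
        if not assets:
            continue  # catalog entry does not apply to anything we run
        due = date.fromisoformat(entry["dueDate"])
        results.append((entry["cveID"], assets, (due - today).days))
    return results


def overdue(entries, inventory, today_iso):
    """CVE IDs that apply to the inventory and whose due date is already past."""
    return [cve for cve, _, days in triage(entries, inventory, today_iso) if days < 0]


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    for cve, assets, days in triage(kev, SAMPLE_INVENTORY, "2023-04-20"):
        print(f"{cve}: {', '.join(assets)} ({days} days until due date)")
    print("overdue on 2023-05-10:", overdue(kev, SAMPLE_INVENTORY, "2023-05-10"))
```

Matching on the feed's vendorProject and product strings is deliberately simple; in practice the inventory side usually needs a mapping table, since the feed's names do not always line up with CPE or package-manager names.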
It is worth noting that Google fixed the Android issue in its March 2023 security update. The fact that Pinduoduo nonetheless exploited the flaw as a zero-day to take control of devices and steal sensitive data raises serious concerns about the safety of apps obtained from unofficial sources. Google removed Pinduoduo's official app from the Play Store in March, although it remains unclear how the malicious APK files came to be signed with the same key used to sign the legitimate Pinduoduo app.
The threat posed by these vulnerabilities underlines the need to deploy software updates promptly and to fix serious vulnerabilities as soon as possible in order to protect against cyber-attacks.
The sources for this piece include an article in TheHackerNews.