CISA warns of zero-day exploits of Windows and iOS bugs
Threat actors are actively exploiting two zero-day vulnerabilities in Windows and iOS, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The first flaw, CVE-2022-28244, affects Windows 10 and Windows 11 and allows an attacker to run arbitrary code with elevated privileges. CVE-2022-32789, the second vulnerability, affects iOS and iPadOS and allows an attacker to execute arbitrary code with kernel privileges.
CISA says the vulnerabilities are being actively exploited in the wild by threat actors, though no specific groups or campaigns are mentioned. The agency says it is working with affected vendors to develop patches for the vulnerabilities. All three were patched earlier this week as part of the February 2022 Patch Tuesday, and were classified as zero-days that were exploited in attacks before a fix was available.
The fourth vulnerability, a WebKit type confusion issue (CVE-2023-23529) that could lead to arbitrary code execution, was patched by Apple on Monday and is being actively exploited in the wild. This WebKit zero-day affects a wide range of older and newer devices, including iPhone 8 and later, Macs running macOS Ventura, all iPad Pro models, and more.
The identification of these zero-day vulnerabilities highlights the ongoing threat posed by nation-state actors and other advanced threat groups. Zero-day vulnerabilities are frequently used by such groups to launch targeted attacks against specific organizations or individuals. When a zero-day vulnerability is discovered, it can be extremely difficult to mitigate because no patches or workarounds are available.
CISA recommends that users and organizations take basic security precautions, such as keeping their software up to date and using strong passwords, to mitigate the risk posed by these vulnerabilities. To detect and respond to potential attacks, they should also consider using security software and monitoring tools. Additionally, users should exercise caution when opening attachments or clicking on links from unknown sources, as these can be used to deliver malware or other types of attacks.
The sources for this piece include an article in BleepingComputer.