ClickCease CISA warns of zero-day exploits of Windows and iOS bugs

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

CISA warns of zero-day exploits of Windows and iOS bugs

March 2, 2023 - TuxCare PR Team

Threat actors are actively exploiting two zero-day vulnerabilities in Windows and iOS, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The first flaw, CVE-2022-28244, affects Windows 10 and Windows 11 and allows an attacker to run arbitrary code with elevated privileges. CVE-2022-32789, the second vulnerability, affects iOS and iPadOS and allows an attacker to execute arbitrary code with kernel privileges.

According to CISA, the vulnerabilities are being actively exploited in the wild by threat actors, though no specific groups or campaigns are mentioned. According to the agency, it is working with affected vendors to develop patches for the vulnerabilities. All three were patched earlier this week as part of the February 2022 Patch Tuesday, and were classified as zero-days that were exploited in attacks before a fix was available.

The fourth vulnerability, a WebKit type confusion issue (CVE-2023-23529) that could lead to arbitrary code execution, was patched by Apple on Monday and is being actively exploited in the wild. This WebKit zero-day affects a wide range of devices, including older and newer models, including iPhone 8 and later, Macs running macOS Ventura, all iPad Pro models, and more.

The identification of these zero-day vulnerabilities highlights the ongoing threat posed by nation-state actors and other advanced threat groups. Zero-day vulnerabilities are frequently used by such groups to launch targeted attacks against specific organizations or individuals. When a zero-day vulnerability is discovered, it can be extremely difficult to mitigate because no patches or workarounds are available.

CISA recommends that users and organizations take basic security precautions, such as keeping their software up to date and using strong passwords, to mitigate the risk posed by these vulnerabilities. To detect and respond to potential attacks, they should also consider using security software and monitoring tools. Additionally, users should exercise caution when opening attachments or clicking on links from unknown sources, as these can be used to deliver malware or other types of attacks.

 

The sources for this piece include an article in BleepingComputer.

Summary
CISA warns of zero-day exploits of Windows and iOS bugs
Article Name
CISA warns of zero-day exploits of Windows and iOS bugs
Description
Threat actors are actively exploiting two zero-day vulnerabilities in Windows and iOS, according to the CISA.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started

Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter