The CISA has added around seven vulnerabilities to its ‘Known Exploited Vulnerabilities Catalog’ list which has been breached by the cyber attackers, with a newly defect revealed by Apple Inc.
Consequently, adding these seven vulnerabilities in the catalog, the list now contains around 801 CVEs in total. The CISA now requires all of the seven vulnerabilities to be patched by September 8th, 2022. However, no details have been given yet on how the malicious actors used them in the cyberattacks.
One of he newly added vulnerability is the critical SAP CVE-2022-22536 vulnerability was revealed by Onapsis in February. CISA immediately alerted the admins to patch the bug as it could lead to data theft fraud risks, ransomware attacks and many other serious security problems.
Apple didn’t gave any details on how they were breached, but as CVE-2022-32894 lets code to be executed with the Kernel privileges, it would allow the complete takeover of the device. Accordingly, the Google CVE-2022-2856 vulnerability was fixed in Google Chrome 104.0.5112.101. Microsoft also fixed the CVE-2022-21971 remote code execution vulnerability in the February 2022 while no details have been disclosed on how they were exploited.
