June 7, 2023

The US CISA added the following five new issues to its Known Exploited Vulnerabilities Catalog:

  • CVE-2023-20963 â€“ Android Framework Privilege Escalation Vulnerability. Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed;
  • CVE-2023-29492 â€“ Novi Survey Insecure Deserialization Vulnerability. Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account;

Google addressed the vulnerability CVE-2023-20963 with the release of Android Security Bulletin—March 2023 security updates. The bulletin confirmed that “there are indications that CVE-2023-20963 may be under limited, targeted exploitation.

The other vulnerabilities are recently patched Microsoft CLFS zeroday and Apple Zerodays

CISA orders federal agencies to fix this flaw by May 4, 2023.

Tags:

Leave a Reply

You may have missed

Microsoft to comply with LinkedIn GDPR Violation

Microsoft to comply with LinkedIn GDPR Violation

June 7, 2023
Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
%d bloggers like this: