U.S. CISA has added the following five new issues to its Known Exploited Vulnerabilities Catalog:
- CVE-2019-8526 – Apple macOS Use-After-Free Vulnerability. The CVE-2019-8526 flaw has been exploited by the DazzleSpy backdoor in watering hole attacks aimed at politically active individuals in Hong Kong. The issue was used to dump iCloud Keychain if the macOS version is lower than 10.14.4.
- CVE-2023-2033 – Google Chromium V8 Engine Type Confusion Vulnerability. The CVE-2023-2033 flaw is the first Chrome zero-day vulnerability addressed by Google in 2023. It did not disclose details of the attacks exploiting this vulnerability. It will not provide bug details and links until a majority of users have updated their installs.
CISA orders federal agencies to fix this flaw by May 8, 2023.