CISA’s vulnerabilities in KEV: Federal Agencies Have to Fix Them

 

CISA has added 6 vulnerabilities to its “catalogue of Known Exploited Vulnerabilities” and ordered the federal agencies “to patch” them following the vendors’ instructions.
CISA, the U.S. Cybersecurity and Infrastructure Security Agency, instructed the federal agencies to fix the security vulnerabilities newly added to the KEV, as per the directive. CISA has also given the government agencies a deadline of 6th October.
Exploiting some of the vulnerabilities added to the list gives a cyber attacker local privilege escalation or admin-level access to the system, whereas two permit the remote execution of malicious code, known as Remote Code Execution.
These vulnerabilities were found between 2010 and 2022, with a majority of them identified in 2013, and were weaponized as spyware, especially for getting into the social media accounts of Android users by means of the Tizi malware.
The list of security flaws found in 2013 includes: 
  • CVE-2013-6282: it gives local privilege escalation and is used for rooting Android devices.
  • CVE-2013-2597: it gives local privilege escal

    […]

    This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
