The Cybersecurity and Infrastructure Security Agency (CISA) has added 9 vulnerabilities to its Known Exploited Vulnerabilities Catalog. The issues include recently patched Adobe and Chrome zero-days.
The recent Google Chrome security update 98.0.4758.102, released this week, includes a fix for zero-day vulnerability CVE-2022-0609, which has been exploited in the wild. CISA also added the same Chrome High severity vulnerability to the Known Exploited Vulnerabilities Catalog on February 15, 2022.
CISA also added to the catalog another zero-day vulnerability, CVE-2022-24086, which affects Adobe Commerce and Magento Open Source and has reported exploits in the wild.
In addition, CISA added the following 7 exploited vulnerabilities to the Catalog on February 15:
| CVE Number | Vulnerability Title |
| --- | --- |
| CVE-2019-0752 | Microsoft Internet Explorer Type Confusion Vulnerability |
| CVE-2018-8174 | Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability |
| CVE-2018-20250 | WinRAR Absolute Path Traversal Vulnerability |
| CVE-2018-15982 | Adobe Flash Player Use-After-Free Vulnerability |
| CVE-2017-9841 | PHPUnit Command Injection Vulnerability |
| CVE-2014-1761 | Microsoft Word Memory Corruption Vulnerability |
| CVE-2013-3906 | Microsoft Graphics Component Memory Corruption Vulnerability |
Of special note, the Windows VBScript vulnerability CVE-2018-8174 was patched in May of 2018 and was identified by security firm Verint as one of the “top 20 vulnerabilities to patch now” (most under attack in 2019). Moreover, the BabyShark malware campaign used exploit code targeting this vulnerability starting in April 2019.
- Google releases Chrome 98 security update with fix for zero-day vulnerability (CVE-2022-0609) exploited in the wild
- Adobe fixes Critical zero-day Commerce, Magento vulnerability exploited in the wild
- The top 20 vulnerabilities to patch now (that are most under attack)
- BabyShark malware expands targets to cryptocurrency industry