January 10, 2024 at 12:06AM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six actively exploited security flaws to its catalog, including a high-severity vulnerability in Apache Superset. Details of the issue were first reported in April 2023. CISA recommends that federal agencies apply fixes for these bugs by January 29, 2024, to secure their networks.
Key points:
1. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified six security flaws and added them to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
2. Among the vulnerabilities, CVE-2023-27524 is a high-severity flaw impacting the Apache Superset open-source data visualization software. The flaw allows remote code execution and was fixed in version 2.1.
3. CVE-2023-41990, which was patched by Apple in iOS 15.7.8 and iOS 16.3, was used as part of Operation Triangulation spyware attacks to achieve remote code execution when processing a specially crafted iMessage PDF attachment.
4. Federal Civilian Executive Branch (FCEB) agencies have been advised to apply fixes for the identified vulnerabilities by January 29, 2024, to secure their networks against active threats.