CISA has updated its Known Exploited Vulnerabilities Catalog with eight vulnerabilities, two of which have remediation dates of February 11.
The list includes an Apple IOMobileFrameBuffer Memory Corruption vulnerability, a SonicWall SMA 100 Appliances Stack-Based Buffer Overflow vulnerability, a Microsoft Internet Explorer Use-After-Free vulnerability, a Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management vulnerability and two GNU Bourne-Again Shell (Bash) Arbitrary Code Execution vulnerabilities.
The Apple and SonicWall vulnerabilities have a remediation date of February 11, and the rest have remediation dates of July 28.
Apple released patches for the vulnerability — tagged as CVE-2022-22587 — last week, noting that a malicious application may be able to execute arbitrary code with kernel privileges. Apple said it is “aware of a report that this issue may have been actively exploited” and added that it was discovered by a member of Mercedes-Benz Innovation Lab and two other researchers.
Rapid7 said earlier this month that CVE-2021-20038 — the SonicWall vulnerability — has a suggested CVSS score of 9.8 out of 10, explaining in a blog post that by exploiting this issue, “an attack can get complete control of the device or virtual machine that’s running the SMA 100 series appliance.”
“This can allow attackers to