The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added [1, 2] the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:
“Google is aware that an exploit for CVE-2024-4947 exists in the wild,” reads the advisory published by Google.
The flaw was reported by an anonymous researcher on May 7, 2024.
“Google is aware that an exploit for CVE-2024-4671 exists in the wild,” reads the advisory published by Google. As usual, the IT giant has not revealed details about the attacks exploiting this vulnerability.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix these vulnerabilities by:
CVE-2024-4671: June 3rd, 2024.
CVE-2024-4761: June 6, 2024.
Pierluigi Paganini
(SecurityAffairs – hacking, CISA)