Critical Zero-Day Vulnerabilities Target Major Software Platforms
On January 22, 2024, several critical zero-day vulnerabilities were disclosed, underscoring how persistent the threat landscape remains. Google has patched three zero-day vulnerabilities in Chrome, including CVE-2024-0519, an out-of-bounds memory access issue in the JavaScript engine that is being actively exploited. Meanwhile, Atlassian's Confluence is facing a severe flaw (CVE-2023-22527) that allows unauthenticated remote code execution and is rated 10 on the CVSS scale. Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings regarding two critical vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in Ivanti products, which could facilitate remote code execution. Apple has also released updates for a zero-day vulnerability (CVE-2024-23222) affecting iOS and macOS that is currently being exploited in the wild. Organizations must prioritize patching these vulnerabilities to protect their networks.
Also In Security Today
- CVE-2023-22527 in Confluence: The critical remote code execution vulnerability in Confluence has raised alarms, prompting immediate action from organizations using the platform. (Innovate Cybersecurity)
- Ivanti Zero-Day Risks: CISA warns about two critical zero-day vulnerabilities in Ivanti products, emphasizing the risk they pose to remote access solutions used widely by enterprises. (Picus Security)
- Apple's Urgent Security Update: Apple has issued urgent updates for CVE-2024-23222, affecting multiple devices and highlighting the need for users to act quickly to secure their systems. (CERT-EU)