U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog.
Below are the flaws added to the catalog:
- CVE-2023-43000 (CVSS score of 8.8) Apple Multiple products Use-After-Free Vulnerability
- CVE-2017-7921 (CVSS score of 9.8) Hikvision Multiple Products Improper Authentication Vulnerability
- CVE-2021-22681 (CVSS score of 9.8) Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
- CVE-2021-30952 (CVSS score of 8.8) Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- CVE-2023-41974 (CVSS score of 7.8) Apple iOS and iPadOS Use-After-Free Vulnerability
CVE-2023-43000 is a use-after-free issue in the WebKit component. Apple addressed the vulnerability with improved memory management in macOS Ventura 13.5, iOS 16.6, iPadOS 16.6, and Safari 16.6. The flaw could allow maliciously crafted web content to trigger memory corruption.
The second flaw added to the catalog, tracked as CVE-2017-7921, is an improper authentication vulnerability that affects multiple Hikvision IP camera series running older firmware versions. The flaw occurs when the system fails to correctly verify user credentials, potentially allowing attackers to bypass authentication, escalate privileges, and gain unauthorized access to sensitive data or device controls.
EXPLORE MORE
Missing Juvenile Omari Manson- Brown from the 35th District Has Returned Home
The Philadelphia Police Department is seeking the public’s assistance in locating missing…
Threat actors use custom AuraInspector to harvest data from Salesforce systems
Attackers are mass-scanning Salesforce Experience Cloud sites using a modified AuraInspector tool…
Endangered Missing Person Barry Spindler from the 15th District Has Been Located
Endangered Missing Person Barry Spindler from the 15th District Has Been Located…
Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations
Iran-linked APT MuddyWater targeted U.S. organizations, deploying the new Dindoor backdoor across…
Russia-linked hackers target Signal, WhatsApp of officials globally
Russia-linked hackers are targeting Signal and WhatsApp accounts of government and military…
Missing Juvenile Mydeana Smith from the 9th District
The Philadelphia Police Department is requesting the public’s help in locating 16-year-old…
The third flaw added to the catalog, tracked as CVE-2021-22681, impacts Rockwell Automation Studio 5000 Logix Designer and RSLogix 5000, allowing an unauthenticated attacker to bypass the key-based verification used to authenticate with industrial controllers. By exploiting this flaw, attackers could impersonate trusted systems and communicate with affected controllers, potentially compromising industrial automation environments.
CISA also added Apple vulnerabilities CVE-2021-30952 and CVE-2023-41974 to the catalog after Google’s Threat Intelligence Group reported the discovery of a powerful new iOS exploit kit called Coruna (also known as CryptoWaters) that targets Apple iPhones running iOS versions 13.0 through 17.2.1. The kit includes five full exploit chains and a total of 23 exploits, including the above Apple issues.
While highly capable against iPhones running iOS 13.0 through 17.2.1versions, Coruna is ineffective against the latest iOS release, according to Google.
GTIG tracked the use of the exploit in highly targeted attacks by a surveillance vendor’s customer, in Ukrainian watering hole campaigns by UNC6353, and later in broad-scale attacks by Chinese financial threat actor UNC6691, showing an active market for “second-hand” zero-day exploits. Multiple threat actors now reuse and adapt these advanced techniques for new vulnerabilities.
GTIG shared the findings to raise awareness and protect users, adding identified domains to Safe Browsing.
Initial discovery occurred in February 2025 when GTIG captured a previously unseen JavaScript framework delivering an iOS exploit chain from a surveillance vendor’s customer.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix the vulnerabilities by March 26, 2026.
