CISA added two Android Pixel vulnerabilities, CVE-2024-29745 (information disclosure) and CVE-2024-29748 (privilege escalation), to its Known Exploited Vulnerabilities Catalog. Prompt remediation is urged to protect against active exploitation.
The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog, highlighting two critical vulnerabilities affecting Android Pixel devices.
These vulnerabilities, identified as CVE-2024-29745 and CVE-2024-29748, have been added to the catalogue due to evidence of active exploitation.
CVE-2024-29745 targets Android Pixel devices, presenting a potential Information Disclosure risk stemming from uninitialized data.
This flaw could allow attackers to access local information without requiring additional execution privileges or user interaction, posing a significant threat to device security and user privacy.
On the other hand, CVE-2024-29748 exposes a Privilege Escalation vulnerability in Android Pixel devices. This flaw arises from a logic error in the code, providing a potential route for attackers to escalate their privileges locally without needing additional execution privileges.
Unlike the previous vulnerability, exploitation of this flaw does require user interaction, but it still represents a substantial risk to device security.
Such vulnerabilities serve as prime targets for malicious cyber actors seeking to compromise systems and networks. Exploitation of these flaws could lead to data breaches, unauthorised access, and other detrimental consequences, particularly within the federal enterprise.
In response to the growing threat landscape, the Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities was established.
This directive mandates Federal Civilian Executive Branch (FCEB) agencies to promptly remediate identified vulnerabilities listed in the Known Exploited Vulnerabilities Catalog to safeguard FCEB networks against active threats.
While BOD 22-01 specifically applies to FCEB agencies, CISA strongly advises all organisations to prioritise the timely remediation of vulnerabilities listed in the catalogue as part of their broader vulnerability management practices.
By addressing these vulnerabilities promptly, organisations can significantly reduce their exposure to cyberattacks and enhance their overall cybersecurity posture.
It's essential for organisations to stay vigilant and proactive in addressing known vulnerabilities, as CISA will continue to update the catalogue with newly identified threats that meet specified criteria.
By staying informed and taking decisive action, organisations can better protect themselves against evolving cyber threats and mitigate potential risks to their systems and data.
CrowdStrike's disastrous July 19 software update crippled Jetstar and exposed vulnerabilities, causing a global IT outage. Competitors like SentinelOne exploited the chaos, shaking customer trust and eroding CrowdStrike's market value by 25%.
This week, the cybersecurity world is in turmoil following a massive data breach at National Public Data. The breach, involving 2.9 billion records, has exposed sensitive information spanning decades.
A major cyberattack that led to a significant Microsoft Azure outage, a high-stakes prisoner swap involving Russian cybercriminals and U.S. journalists, and Google's urgent patching of an Android zero-day vulnerability.
We cover the extensive supply chain disruptions affecting logistics, airlines, and transport worldwide. Additionally, we examine the financial impact on CrowdStrike’s stock price and the ensuing reactions from financial markets and analysts.
