CISA has demanded that federal agencies immediately eliminate a vulnerability in the ARM Mali GPU driver that is being actively exploited by attackers. The vulnerability, known as CVE-2021-29256, involves a memory management error that can allow attackers to gain root privileges and access confidential information on Android devices. ARM has issued recommendations stating that users should update their devices to fix the issue.
In addition to this vulnerability, Google has recently addressed two other safety vulnerabilities that have been used in attacks. CVE-2023-26083 is a medium-risk vulnerability related to memory leakage in the ARM Mali GPU driver. It was exploited in December 2022 to deliver spy software to Samsung devices. The third vulnerability, monitored as CVE-2023-2136, is considered critical and involves an integer overflow issue in the Google SKIA library, which is used in the Google Chrome web browser.
As a result of these vulnerabilities, federal agencies within the US Federal Civil Executive branch (FCEB) have been given a deadline of July 28 to protect their Android devices from attacks targeting CVE-2021-29256. This requirement is outlined in the November 2021 operational directive BOD 22-01, which states that federal agencies must evaluate and address any vulnerabilities listed in the CISA catalog.
While the CISA catalog primarily focuses on federal agencies, it is strongly recommended that private companies also prioritize addressing vulnerabilities listed in the catalog. CISA has warned that these types of vulnerabilities are frequently exploited by malicious actors and pose a serious threat.
In recent news, CISA has also warned about the ongoing operation by the Truebot attackers, who are exploiting a critical remote code execution vulnerability in the NETWRIX AUDITOR software. Additionally, there have been distributed denial-of-service (DDoS) attacks targeting various industries in the United States.