cisa-warns-of-active-exploitation-of-'pwnkit'-linux-vulnerability-in-the-wild

Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation.

The issue, tracked as CVE-2021-4034 (CVSS score: 7.8), came to light in January 2022 and concerns a case of local privilege escalation in polkit’s pkexec utility, which allows an authorized user to execute commands as another user.

Polkit (formerly called PolicyKit) is a toolkit for controlling system-wide privileges in Unix-like operating systems, and provides a mechanism for non-privileged processes to communicate with privileged processes.

Successful exploitation of the flaw could induce pkexec to execute arbitrary code, granting an unprivileged attacker administrative rights on the target machine. It’s not immediately clear how the vulnerability is being weaponized in the wild, nor is there any information on the identity of the threat actor that may be exploiting it.

Also included in the catalog is CVE-2021-30533, a security shortcoming in Chromium-based web browsers that was leveraged by a malvertising threat actor codenamed Yosec to deliver dangerous payloads last year.

Furthermore, the agency added the newly disclosed Mitel VoIP zero-day (CVE-2022-29499) as well as five Apple iOS vulnerabilities (CVE-2018-4344, CVE-2019-8605, CVE-2020-9907, CVE-2020-3837, and CVE-2021-30983) that were recently uncovered as having been abused by Italian spyware vendor RCS Lab.

To mitigate any potential risk of exposure to cyberattacks, it’s recommended that organizations prioritize timely remediation of the issues. Federal Civilian Executive Branch Agencies, however, are required to mandatorily patch the flaws by July 18, 2022.


Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Related News

Vulnerability Summary for the Week of November 21, 2022

airbnb — optica A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially…
TikTok Invisible Body Challenge Trend Abused to Drop Malware

TikTok Invisible Body Challenge Trend Abused to Drop Malware

The newest trend on TikTok, the Invisible Body Challenge, is being abused by cybercriminals to spread WASP info-stealing malware. This…
Acer Laptop Vulnerability Allows Malware Infection During Secure Boot

Acer Laptop Vulnerability Allows Malware Infection During Secure Boot

Cybersecurity firm ESET’s researchers have identified a vulnerability affecting Acer laptops. The bug isn’t new, as ESET already discovered it…