Vulnerability Management, Patch/Configuration Management

Updated CISA exploited vulnerabilities catalog includes Internet Explorer, Twilio Authy bugs

Share
Closeup of mobile phone screen with logo lettering of microsoft internet explorer browser on computer keyboard

The Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities catalog to include an old critical use-after-free flaw impacting Internet Explorer, tracked as CVE-2012-4792, and a medium severity information disclosure bug affecting Twilio Authy, tracked as CVE-2024-39891, with federal agencies urged to remediate both security issues by August 13, The Hacker News reports.

Even though there has been no clear evidence indicating ongoing active exploitation of CVE-2012-4792, the vulnerability, which could enable remote execution of arbitrary code, had been leveraged in watering hole attacks deployed against Capstone Turbine Corporation and the Council on Foreign Relations almost 12 years ago. Meanwhile, attacks leveraging CVE-2024-39891 have been deployed by threat actors looking to identify Authy account-related data before being addressed by Twilio earlier this month. "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," said CISA.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds