# U.S. Government Adds Apple, Rockwell, and Hikvision Flaws to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added three new flaws to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities affect products from Apple, Rockwell, and Hikvision and pose significant risks to individuals and organizations alike. This article covers each vulnerability, its impact, and what can be done to mitigate it.

The first vulnerability added to the KEV catalog is CVE-2023-43000, a use-after-free issue in the WebKit component of Apple's Safari browser. According to CISA, this flaw could allow maliciously crafted web content to trigger memory corruption, potentially leading to a security breach. Apple has already addressed this vulnerability with improved memory management in macOS Ventura 13.5, iOS 16.6, iPadOS 16.6, and Safari 16.6.

The second vulnerability added to the catalog is CVE-2017-7921, an improper authentication vulnerability that affects multiple Hikvision IP camera series running older firmware versions. This flaw occurs when the system fails to correctly verify user credentials, potentially allowing attackers to bypass authentication, escalate privileges, and gain unauthorized access to sensitive data or device controls. CISA has emphasized the importance of updating these devices with the latest firmware to prevent exploitation.

The third vulnerability added to the catalog is CVE-2021-22681, which impacts Rockwell Automation Studio 5000 Logix Designer and RSLogix 5000. This flaw allows an unauthenticated attacker to bypass the key-based verification used to authenticate with industrial controllers, potentially compromising industrial automation environments. By exploiting this flaw, attackers could impersonate trusted systems and communicate with affected controllers.

CISA has also added two more vulnerabilities, tracked as CVE-2021-30952 and CVE-2023-41974, to the catalog. These vulnerabilities are part of a powerful new iOS exploit kit called Coruna (also known as CryptoWaters), which targets Apple iPhones running iOS versions 13.0 through 17.2.1. While highly capable against iPhones running these older versions, Coruna is ineffective against the latest iOS release.

The discovery of this exploit kit has raised concerns about the availability and misuse of zero-day exploits in the wild. According to Google's Threat Intelligence Group (GTIG), there is an active market for "second-hand" zero-day exploits, with multiple threat actors reusing and adapting these advanced techniques for new vulnerabilities.

As a result, CISA has issued Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, which requires federal agencies to address the identified vulnerabilities by March 26, 2026. Private organizations are also advised to review the KEV catalog and take steps to address these vulnerabilities in their infrastructure.
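One way to triage an asset inventory against the versions and deadline named in this article, as an added example that is not CISA or vendor code. The inventory, field names, and function names are constructed for illustration, and the numeric comparison across major versions is an assumption of the example.

```python
from datetime import date

# Values below come from the article text; all names are this example's own.
FIXED_IN = {"macos": (13, 5), "ios": (16, 6), "ipados": (16, 6), "safari": (16, 6)}
CORUNA_RANGE = ((13, 0), (17, 2, 1))  # iOS versions the kit targets, inclusive
NO_VERSION_GIVEN = {"hikvision": "CVE-2017-7921", "rockwell": "CVE-2021-22681"}
BOD_DUE = date(2026, 3, 26)

INVENTORY = [  # constructed sample data
    {"host": "iphone-01", "product": "iOS", "version": "16.5.1"},
    {"host": "iphone-02", "product": "iOS", "version": "17.2.1"},
    {"host": "iphone-03", "product": "iOS", "version": "17.3"},
    {"host": "mac-01", "product": "macOS", "version": "13.4"},
    {"host": "cam-01", "product": "Hikvision", "version": "unknown"},
]

def parse_version(text):
    """'16.5.1' -> (16, 5, 1); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def _pad(version, width=3):
    """Right-pad with zeros so (16, 6) compares equal to (16, 6, 0)."""
    return tuple(version) + (0,) * (width - len(version))

def findings(asset):
    product = asset["product"].lower()
    if product in NO_VERSION_GIVEN:
        # The article names no fixed firmware/software version for these.
        return [NO_VERSION_GIVEN[product] + ": check vendor advisory"]
    try:
        ver = _pad(parse_version(asset["version"]))
    except ValueError:
        return ["version unparsable: check manually"]
    out = []
    if product in FIXED_IN and ver < _pad(FIXED_IN[product]):
        out.append("CVE-2023-43000: below fixed release")
    low, high = CORUNA_RANGE
    if product == "ios" and _pad(low) <= ver <= _pad(high):
        out.append("Coruna: version in targeted range")
    return out

def triage(inventory):
    """Map host -> findings, omitting hosts with nothing to report."""
    results = {asset["host"]: findings(asset) for asset in inventory}
    return {host: hits for host, hits in results.items() if hits}

def days_left(today):
    """Days until the BOD 22-01 due date given in the article."""
    return (BOD_DUE - today).days
```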

In conclusion, the addition of these three new flaws to the KEV catalog serves as a reminder of the ongoing threat landscape in cybersecurity. It is essential for individuals and organizations to stay vigilant and proactive in addressing known exploited vulnerabilities to prevent potential security breaches. By staying informed and taking necessary precautions, we can work together to reduce the significant risk of known exploited vulnerabilities.
