CISA adds Android zero-day to KEV catalogue

Vulnerability already used in Chinese shopping app Pinduoduo

clock • 2 min read
CISA adds Android zero-day to KEV catalogue

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Android Framework security flaw to its known exploited vulnerabilities (KEV) catalogue, based on evidence of ongoing exploitation.

Tracked as CVE-2023-20963, popular Chinese e-commerce app Pinduoduo apparently used the vulnerability to spy on its users. "[The] Android Framework contains an unspecified vulnerability that all...

To continue reading this article...

Join Computing

  • Unlimited access to real-time news, analysis and opinion from the technology industry
  • Receive important and breaking news in our daily newsletter
  • Be the first to hear about our events and awards programmes
  • Join live member only interviews with IT leaders at the ‘IT Lounge’; your chance to ask your burning tech questions and have them answered
  • Access to the Computing Delta hub providing market intelligence and research
  • Receive our members-only newsletter with exclusive opinion pieces from senior IT Leaders

Join now

 

Already a Computing member?

Login

You may also like
Ivanti VPN malware can survive a factory reset, warns CISA

Threats and Risks

'Assume a sophisticated threat actor may deploy rootkit level persistence'

clock 01 March 2024 • 2 min read
Epic Games allegedly hacked by ransomware gang

Hacking

The company denies evidence of breach

clock 29 February 2024 • 3 min read
Critics furious about Microsoft-Mistral AI partnership

Legislation and Regulation

Flies in the face of the AI Act

clock 28 February 2024 • 2 min read

More on Threats and Risks

Ivanti VPN malware can survive a factory reset, warns CISA

Ivanti VPN malware can survive a factory reset, warns CISA

'Assume a sophisticated threat actor may deploy rootkit level persistence'

John Leonard
clock 01 March 2024 • 2 min read
Hugging Face AI platform infested with 100 malicious code-execution models, researchers warn

Hugging Face AI platform infested with 100 malicious code-execution models, researchers warn

These models could create a persistent backdoor for attackers

clock 01 March 2024 • 3 min read
US, UK, Canada seek global coalition to combat state disinformation

US, UK, Canada seek global coalition to combat state disinformation

US, UK and Canada have endorsed a framework to tackle information manipulation

clock 27 February 2024 • 3 min read