CISA adds Android zero-day to KEV catalogue

Vulnerability already used in Chinese shopping app Pinduoduo

clock • 2 min read
CISA adds Android zero-day to KEV catalogue

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Android Framework security flaw to its known exploited vulnerabilities (KEV) catalogue, based on evidence of ongoing exploitation.

Tracked as CVE-2023-20963, popular Chinese e-commerce app Pinduoduo apparently used the vulnerability to spy on its users. "[The] Android Framework contains an unspecified vulnerability that all...

To continue reading this article...

Join Computing

  • Unlimited access to real-time news, analysis and opinion from the technology industry
  • Receive important and breaking news in our daily newsletter
  • Be the first to hear about our events and awards programmes
  • Join live member only interviews with IT leaders at the ‘IT Lounge’; your chance to ask your burning tech questions and have them answered
  • Access to the Computing Delta hub providing market intelligence and research
  • Receive our members-only newsletter with exclusive opinion pieces from senior IT Leaders

Join now

 

Already a Computing member?

Login

You may also like
CrowdStrike: Thousands of typosquatting domains registered after global outage

Threats and Risks

CrowdStrike says cybercriminals are attempting to install a new infostealer malware through fake fixes

clock 24 July 2024 • 2 min read
Google abandons plan to phase out third-party cookies

Privacy

In a bid to please everyone, Google has done the opposite

clock 23 July 2024 • 3 min read
Google's $23bn Wiz bid fizzles

Mergers and Acquisitions

Startup cites antitrust and investor concerns

clock 23 July 2024 • 1 min read
Most read
01
02
04

Google's $23bn Wiz bid fizzles

23 July 2024 • 1 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Threats and Risks

CrowdStrike: Thousands of typosquatting domains registered after global outage

CrowdStrike: Thousands of typosquatting domains registered after global outage

CrowdStrike says cybercriminals are attempting to install a new infostealer malware through fake fixes

clock 24 July 2024 • 2 min read
SolarWinds patches eight critical flaws in Access Rights Manager software

SolarWinds patches eight critical flaws in Access Rights Manager software

Disclosure raises fresh security concerns

clock 21 July 2024 • 3 min read
Cisco patches critical flaw in Secure Email Gateway appliances

Cisco patches critical flaw in Secure Email Gateway appliances

Patch devices immediately

clock 19 July 2024 • 3 min read