Two critical vulnerabilities, CVE-2012-4792 and CVE-2024-39891, pose significant risks to organizations and individuals using Internet Explorer and Twilio Authy, respectively.

Description

CVE-2012-4792 is a Use-After-Free Vulnerability in Internet Explorer [1] [2], dating back a decade, with a severity score of 9.3 [2]. This flaw allows remote attackers to execute arbitrary code through a specially crafted site [3]. It was exploited in attacks on the Council on Foreign Relations and Capstone Turbine Corporation websites in December 2012 [3]. Organizations using Internet Explorer should promptly patch this vulnerability to reduce the risk of exploitation [2].

CVE-2024-39891, on the other hand, is an Information Disclosure vulnerability in Twilio Authy [1] [2] [3], with a CVSS score of 5.3 [2]. This vulnerability can expose sensitive data to unauthorized parties, posing a risk to confidentiality [2]. Twilio has addressed this issue in specific versions after threat actors used it to access data associated with Authy accounts [3].

CISA has warned that such vulnerabilities are common attack vectors for malicious cyber actors and pose significant risks to federal agencies [3]. FCEB agencies are required to address these vulnerabilities by August 13, 2024, to protect their networks against active threats [3].

Conclusion

It is crucial for organizations to patch these vulnerabilities promptly to mitigate the risk of exploitation and protect sensitive data. The exploitation of these vulnerabilities highlights the importance of proactive cybersecurity measures and the need for continuous monitoring and updating of software to prevent potential threats in the future.

References

[1] https://thehackernews.com/2024/07/cisa-adds-twilio-authy-and-ie-flaws-to.html
[2] https://www.krofeksecurity.com/cisa-updates-vulnerabilities-list-with-twilio-authy-and-ie-security-exploits/
[3] https://www.443news.com/2024/07/cisa-adds-twilio-authy-and-ie-flaws-to-exploited-vulnerabilities-list/