Threat Management, DevSecOps

CISA issues warning on exploited PwnKit flaw

SecurityWeek reports that the Cybersecurity and Infrastructure Security Agency (CISA) has warned about active exploitation of the PwnKit Linux security flaw, tracked as CVE-2021-4034. The vulnerability affects the Polkit component, developed by Red Hat for system-wide privilege control in Unix-like operating systems, and threat actors could abuse it to achieve privilege escalation. Several major firms, including VMware, IBM, Siemens, Juniper Networks, and Moxa, have products impacted by the security bug, which CISA has already added to its Known Exploited Vulnerabilities Catalog. Other security vulnerabilities added to CISA's Must Patch list are an exploited Mitel VoIP zero-day and iOS flaws abused by Italian spyware firm RCS Lab, as well as a bug in Chromium leveraged in malvertising campaigns. CISA has ordered federal agencies to remediate all the newly listed vulnerabilities by July 18, while private firms have been urged to use the catalog to improve their patching and vulnerability management processes.
