Active Exploitation of Vulnerabilities in Apple, Google, Microsoft, Palo Alto and SAP products

24 August 2022

There have been reports of active exploitation of vulnerabilities affecting Apple, Google, Microsoft, Palo Alto and SAP products.

The vulnerabilities are as follows:

CVE-2017-15944 - Palo Alto Networks PAN-OS and Panorama products contain a remote code execution vulnerability that could be performed without prior authentication when exploited in conjunction with other vulnerabilities.
CVE-2022-21971 - Microsoft Windows Runtime contains a vulnerability due to a boundary error when processing Revisable Form Text (RFT) files in Windows Runtime, allowing remote code execution.
CVE-2022-22536 - Multiple SAP products contain HTTP request smuggling vulnerability that could allow functions to be executed impersonating a victim or poisoning intermediary Web caches.
CVE-2022-26923 - Microsoft Active Directory Certificate Services (ADCS) contains a privilege escalation vulnerability that could allow a low-privileged user to escalate privileges to domain administrator when ADCS is running on the domain.
CVE-2022-2856 - Google Chrome Intents contains an insufficient input validation vulnerability that could allow untrusted input data to execute remote code.
CVE-2022-32893 - Apple iOS, macOS and iPadOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges.
CVE-2022-32894 - Apple iOS, macOS and iPadOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing maliciously crafted web content.

Users and administrators of affected products are advised to apply the relevant security updates immediately.

More information is available here:

Public advisory of scammers impersonating CSA and the SPF