CISA Warns Against Active Exploitation of ‘PwnKit’ Linux Vulnerability in the Wild


The US Cybersecurity and Infrastructure Security Agency (CISA) this week moved to: to add a Linux vulnerability called PwnKit after its Catalog of known exploited vulnerabilitiesciting evidence of active exploitation.

The problem, tracked as CVE-2021-4034 (CVSS score: 7.8), uncovered in January 2022, is a case of local privilege escalation in polkit’s pkexec utility, which allows an authorized user to execute commands as another user.

Polkit (previously called PolicyKit) is a toolkit for managing system-wide privileges in Unix-like operating systems and provides a mechanism for non-privileged processes to interact with privileged processes.

Successful exploitation of the flaw could cause pkexec to execute arbitrary code, giving an unauthorized attacker administrative privileges on the target computer and endangering the host.

It’s not immediately clear how the vulnerability is being used as a weapon in the wild, nor is there any information about the identity of the threat actor that may be abusing it.

The catalog also includes: CVE-2021-30533a security flaw in Chromium-based web browsers that was used last year by a malvertising threat actor called Yosec to deliver dangerous payloads.

In addition, the agency has added the newly disclosed Mitel VoIP zero-day (CVE-2022-29499) and five Apple iOS vulnerabilities (CVE-2018-4344, CVE-2019-8605, CVE-2020-9907, CVE-2020-3837 and CVE-2021-30983) that were recently discovered as being exploited by Italian spyware vendor RCS Lab.

To reduce the potential risk of exposure to cyber-attacks, it is recommended that organizations prioritize resolving the issues in a timely manner. However, federal civilian executive agencies are required to correct the error before July 18, 2022.