Google’s Threat Analysis Group (TAG) has disclosed technical information regarding an Internet Explorer zero-day vulnerability exploited by the North Korean hacking organization APT37.
The browser’s “JScript9” JavaScript engine was found to be vulnerable and is tracked as CVE-2022-41128 (CVSS score of 8.8). Remote attackers can use this vulnerability to execute arbitrary code on a target system. According to Google, the security flaw is caused by an incorrect JIT optimization problem that causes type confusion. The issue is comparable to JScript9 flaw CVE-2021-34480, which was fixed last year.
Also Read: Strategies to Improve Enterprise-Wide Cybersecurity Vulnerability Management
One week after receiving a warning about the vulnerability—CVE-2022-41128—and as part of the November 2022 Patch Tuesday security updates, Microsoft patched it.
Read More: Google Documents IE Browser Zero-Day Exploited by North Korean Hackers
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates