IBM AIX Vulnerable to Two Critical Bugs


IBM’s operating system AIX is vulnerable to two highly critical bugs, one of which has a CVSS score of ten. Urgent updating is required.

IBM’s Advanced Interactive Executive (AIX) operating system is susceptible to two vulnerabilities. CVE-2024-56346 and CVE-2024-56347 both open the door for attackers to execute their own code. The bugs receive CVSS scores of ten and 9.6 respectively, demonstrating their severity.

Easy to exploit

Presumably because of this severity, IBM is currently sharing very few details about what exactly is going on. It’s unclear what errors are at the root of these bugs and how they could be exploited.

Given their severity, it’s likely that attackers could immediately take action once they obtain this information. Setting up an attack would not be complex and would not require privileges. Once a criminal gains access, they could steal data or deploy ransomware.

Both AIX version 7.2 and version 7.3 are vulnerable. It’s unclear how many companies use AIX. The Unix-based OS is particularly popular among organizations running critical applications in the financial sector, telecommunications, healthcare, and in data centers, using Power-based hardware for these purposes.

More than 9,000 companies

According to Enlyft, just over 9,000 companies worldwide use AIX. This includes organizations such as Pure Storage in the US, but also Hermes Europe in Germany. Generally, the operating system is said to be most popular in the US.

The solution is the same as always: IBM has rolled out patches. AIX users should not dawdle and must install these as a priority.