CISA orders federal agencies to update iPhones, Macs until Feb 25th
2022-02-11 17:45

The US Cybersecurity and Infrastructure Security Agency has added a new flaw to its catalog of vulnerabilities exploited in the wild, an Apple WebKit remote code execution bug used to target iPhones, iPads, and Macs.

According to the binding operational directive issued by CISA in November, federal agencies are now required to patch their systems against this actively exploited vulnerability impacting iOS, iPadOS, and macOS devices.

CISA said that all Federal Civilian Executive Branch (FCEB) agencies have to patch the vulnerability tracked as CVE-2022-22620 [1, 2] by February 25th, 2022.

"These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise," the cybersecurity agency said.

"Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice."

Yesterday, CISA also asked FCEB agencies to patch 15 other vulnerabilities tagged as being under active exploitation, with CVE-2021-36934 - a Microsoft Windows SAM bug allowing privilege escalation and credential theft - having a February 24th patch deadline.


News URL

https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-update-iphones-macs-until-feb-25th/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2022-03-18 | CVE-2022-22620 | Use After Free vulnerability in Apple products. A use after free issue was addressed with improved memory management. (network, low complexity, apple, CWE-416) | 8.8
2021-07-22 | CVE-2021-36934 | Unspecified vulnerability in Microsoft products. An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. | 0.0