CISA orders agencies to patch Windows, iOS bugs used in attacks

CISA added two new vulnerabilities to its list of security bugs exploited in the wild today, including a Windows privilege escalation vulnerability and an arbitrary code execution flaw affecting iPhones and Macs.
Apple also patched the arbitrary code execution vulnerability on Monday and confirmed that it was exploited in attacks as a zero-day bug in the iOS and macOS kernel.
A binding operational directive (BOD 22-01) issued in November 2021 says that all Federal Civilian Executive Branch agencies have to secure their networks against bugs added to CISA's catalog of Known Exploited Vulnerabilities.
CISA has given Federal Civilian Executive Branch agencies three weeks, until October 10th, to address these two security flaws and block attacks that could target their systems.
"These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise," CISA warned today.
Since BOD 22-01 was issued, CISA has added over 800 security flaws to the catalog of bugs exploited in the wild, requiring federal agencies to address them on a tighter schedule to block attacks and potential security breaches.