CISA orders govt agencies to patch iPhone bugs exploited in attacks
Security News, May 2023

Today, the U.S. Cybersecurity & Infrastructure Security Agency ordered federal agencies to address three recently patched zero-day flaws that affect iPhones, Macs, and iPads and are known to be exploited in attacks.
iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, iPod touch, and iPhone 8 and later. Apple TV 4K and Apple TV HD.

Likely exploited in state-backed spyware attacks
Although Apple has not provided specific details about the attacks in which the bugs have been abused, it did reveal that CVE-2023-32409 was reported by Clément Lecigne from Google's Threat Analysis Group and Donncha Cearbhaill from Amnesty International's Security Lab.
In accordance with the binding operational directive issued in November 2022, Federal Civilian Executive Branch Agencies must apply patches to their systems for all security bugs listed in CISA's Known Exploited Vulnerabilities catalog.
Although the directive primarily targets U.S. federal agencies, private companies are also strongly advised to give high priority to fixing the vulnerabilities contained in the KEV list of bugs exploited in attacks.
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-23 | CVE-2023-32409 | Unspecified vulnerability in Apple products. The issue was addressed with improved bounds checks. | 8.6 |