CISA orders govt agencies to patch iPhone bugs exploited in attacks
Today, the U.S. Cybersecurity & Infrastructure Security Agency ordered federal agencies to address three recently patched zero-day flaws affecting iPhones, Macs, and iPads known to be exploited in attacks.
iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, iPod touch, and iPhone 8 and later.
Apple TV 4K and Apple TV HD.
Likely exploited in state-backed spyware attacks
Although Apple has not provided specific details about the attacks in which the bugs have been abused, it did reveal that CVE-2023-32409 was reported by Clément Lecigne from Google's Threat Analysis Group and Donncha Cearbhaill from Amnesty International's Security Lab.
In accordance with the binding operational directive issued in November 2022, Federal Civilian Executive Branch Agencies must apply patches to their systems for all security bugs listed in CISA's Known Exploited Vulnerabilities catalog.
Although primarily targeted at U.S. federal agencies, it is strongly advised that private companies also give high priority to fixing vulnerabilities contained in the KEV list of bugs exploited in attacks.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-23 | CVE-2023-32409 | Unspecified vulnerability in Apple products. The issue was addressed with improved bounds checks. | 8.6 |