CISA orders govt agencies to patch iPhone bugs exploited in attacks
Today, the U.S. Cybersecurity & Infrastructure Security Agency ordered federal agencies to address three recently patched zero-day flaws affecting iPhones, Macs, and iPads known to be exploited in attacks.
Affected devices include iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, iPod touch, and iPhone 8 and later, as well as Apple TV 4K and Apple TV HD.
Likely exploited in state-backed spyware attacks
Although Apple has not provided specific details about the attacks in which the bugs have been abused, it did reveal that CVE-2023-32409 was reported by Clément Lecigne from Google's Threat Analysis Group and Donncha Cearbhaill from Amnesty International's Security Lab.
In accordance with the binding operational directive issued in November 2022, Federal Civilian Executive Branch Agencies must apply patches to their systems for all security bugs listed in CISA's Known Exploited Vulnerabilities catalog.
Although primarily targeted at U.S. federal agencies, it is strongly advised that private companies also give high priority to fixing vulnerabilities contained in the KEV list of bugs exploited in attacks.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-23 | CVE-2023-32409 | Unspecified vulnerability in Apple products. The issue was addressed with improved bounds checks. | 8.6 |