Security News > 2023 > June > CISA orders agencies to patch iPhone bugs abused in spyware attacks

Today, CISA ordered federal agencies to patch recently fixed security vulnerabilities that were exploited as zero-days to deploy Triangulation spyware on iPhones via iMessage zero-click exploits.
The attacks started in 2019 and are still ongoing, according to the company, and they use iMessage zero-click exploits that abuse the now-patched iOS zero-day bugs.
iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, and iPod touch; Macs running macOS Big Sur, Monterey, and Ventura.
While BOD 22-01 primarily focuses on U.S. federal agencies, it is strongly recommended that private companies also prioritize addressing the vulnerabilities outlined in CISA's KEV list, which includes bugs known to be exploited in attacks.