Security News > 2023 > June > CISA orders agencies to patch iPhone bugs abused in spyware attacks
Today, CISA ordered federal agencies to patch recently patched security vulnerabilities exploited as zero-days to deploy Triangulation spyware on iPhones via iMessage zero-click exploits.
The attacks started in 2019 and are still ongoing, according to the company, and they use iMessage zero-click exploits that exploit the now-patched iOS zero-day bugs.
iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, and iPod touch Macs running macOS Big Sur, Monterey, and Ventura.
While BOD 22-01 primarily focuses on U.S. federal agencies, it is strongly recommended that private companies also prioritize addressing the vulnerabilities outlined in CISA's KEV list, which includes bugs known to be exploited in attacks.
CISA orders govt agencies to patch iPhone bugs exploited in attacks.
CISA orders govt agencies to patch MOVEit bug used for data theft.
News URL
Related news
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Old Fortinet flaws under attack with new method its patch didn't prevent (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- CISA tags SonicWall VPN flaw as actively exploited in attacks (source)
- Google: 97 zero-days exploited in 2024, over 50% in spyware attacks (source)
- CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks (source)
- NSO Group fined $167M for spyware attacks on 1,400 WhatsApp users (source)
- SonicWall urges admins to patch VPN flaw exploited in attacks (source)