CISA orders agencies to patch iPhone bugs abused in spyware attacks (Security News, June 2023)
Today, CISA ordered federal agencies to apply the recently released fixes for security vulnerabilities that were exploited as zero-days to deploy Triangulation spyware on iPhones via iMessage zero-click exploits.
The attacks started in 2019 and are still ongoing, according to the company, and they use iMessage zero-click exploits that abuse the now-patched iOS zero-day bugs.
iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, and iPod touch; Macs running macOS Big Sur, Monterey, and Ventura.
While BOD 22-01 primarily focuses on U.S. federal agencies, it is strongly recommended that private companies also prioritize addressing the vulnerabilities outlined in CISA's KEV list, which includes bugs known to be exploited in attacks.