Security News > 2023 > June > CISA orders agencies to patch iPhone bugs abused in spyware attacks
Today, CISA ordered federal agencies to patch recently patched security vulnerabilities exploited as zero-days to deploy Triangulation spyware on iPhones via iMessage zero-click exploits.
The attacks started in 2019 and are still ongoing, according to the company, and they use iMessage zero-click exploits that exploit the now-patched iOS zero-day bugs.
iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, and iPod touch Macs running macOS Big Sur, Monterey, and Ventura.
While BOD 22-01 primarily focuses on U.S. federal agencies, it is strongly recommended that private companies also prioritize addressing the vulnerabilities outlined in CISA's KEV list, which includes bugs known to be exploited in attacks.
CISA orders govt agencies to patch iPhone bugs exploited in attacks.
CISA orders govt agencies to patch MOVEit bug used for data theft.
News URL
Related news
- CISA orders agencies to patch BeyondTrust bug exploited in attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)