Security News > 2023 > June > CISA orders agencies to patch iPhone bugs abused in spyware attacks
Today, CISA ordered federal agencies to patch recently patched security vulnerabilities exploited as zero-days to deploy Triangulation spyware on iPhones via iMessage zero-click exploits.
The attacks started in 2019 and are still ongoing, according to the company, and they use iMessage zero-click exploits that exploit the now-patched iOS zero-day bugs.
iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, and iPod touch Macs running macOS Big Sur, Monterey, and Ventura.
While BOD 22-01 primarily focuses on U.S. federal agencies, it is strongly recommended that private companies also prioritize addressing the vulnerabilities outlined in CISA's KEV list, which includes bugs known to be exploited in attacks.
CISA orders govt agencies to patch iPhone bugs exploited in attacks.
CISA orders govt agencies to patch MOVEit bug used for data theft.
News URL
Related news
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
- New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- CISA flags Craft CMS code injection flaw as exploited in attacks (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- WhatsApp patched zero-click flaw exploited in Paragon spyware attacks (source)
- CISA tags NAKIVO backup flaw as actively exploited in attacks (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)