CISA warns govt agencies to secure iPhones against spyware attacks
The U.S. Cybersecurity and Infrastructure Security Agency ordered federal agencies today to patch security vulnerabilities abused as part of a zero-click iMessage exploit chain to infect iPhones with NSO Group's Pegasus spyware.
On Monday, CISA added the two security flaws to its Known Exploited Vulnerabilities catalog, tagging them as "Frequent attack vectors for malicious cyber actors" and posing "Significant risks to the federal enterprise."
Federal agencies must secure all vulnerable iOS, iPadOS, and macOS devices on their networks against CVE-2023-41064 and CVE-2023-41061 by October 2nd, 2023.
While Binding Operational Directive (BOD) 22-01 primarily focuses on U.S. federal agencies, CISA also strongly advised private companies to prioritize patching the two vulnerabilities as soon as possible.
Apple zero-click iMessage exploit used to infect iPhones with spyware.
CISA issues new warning on actively exploited Ivanti MobileIron bugs.
Related news
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- CISA warns of more Palo Alto Networks bugs exploited in attacks (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- CISA tags Progress Kemp LoadMaster flaw as exploited in attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-07 | CVE-2023-41064 | Classic Buffer Overflow vulnerability in Apple iPadOS and iPhone OS. A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2023-09-07 | CVE-2023-41061 | Unspecified vulnerability in Apple iPadOS. A validation issue was addressed with improved logic. | 7.8 |