US orders gov agencies to patch exploited Apple bugs

By

Three vulnerabilities in WebKit rendering engine.

The United States Cybersecurity and Infrastructure Security Agency (CISA) has added three recently disclosed flaws in Apple operating systems to its Known Exploited Vulnerabilities Catalogue, as they carry "significant risk to the federal enterprise".

US orders gov agencies to patch exploited Apple bugs

As such, US government agencies of the federal civilian executive branch are required to patch the vulnerabilities, as per the November 2021 Binding Operational Directive 22-01.

CISA said it strongly urges all organisations to use its vulnerabilities catalogue to reduce their exposure to cyber attacks.

The agency said that vulnerabilities such as the ones affecting Apple's web content rendering engine "are frequent attack vectors for malicious cyber actors."

Apple, which issued patches that address the vulnerabilities last week, said unnamed threat actors were actively exploiting the flaws, but did not say who, where and when.

Two of the exploited vulnerabilities were patched with Apple's new, out-of-band Rapid Security Response system which is used to issue urgent updates.

Apple's Safari web browser, watchOS, tvOS, iOS, iPadOS and macOS operating systems all received the security updates.

According to BOD 22-01, agencies must deploy the patches before or on June 12 US time at the latest.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Eagers Automotive finds unauthorised access to parts of IT systems

Eagers Automotive finds unauthorised access to parts of IT systems

Hackers hit Victoria's court recording database

Hackers hit Victoria's court recording database

St Vincent's Health Australia warns cyber attack forensics could "take some time"

St Vincent's Health Australia warns cyber attack forensics could "take some time"

Yakult Australia confirms cyber incident

Yakult Australia confirms cyber incident

Log In

  |  Forgot your password?