Connect with us

Hi, what are you looking for?

Technology

CISA orders federal agencies to update iPhones until Feb 25th

1642886655 CISA


CISA orders federal agencies to update iPhones until Feb 25th

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new flaw to its catalog of vulnerabilities exploited in the wild, an Apple WebKit remote code execution bug used to target iPhones, iPads, and Macs.

According to the binding operational directive (BOD 22-01) issued by CISA in November, federal agencies are now required to patch their systems against this actively exploited vulnerability impacting iOS, iPadOS, and macOS devices.

CISA said that all Federal Civilian Executive Branch Agencies (FCEB) agencies have to patch the vulnerability tracked as CVE-2022-22620 [1, 2] until February 25th, 2022.

“These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise,” the cybersecurity agency said.

“Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice.”

Yesterday, CISA also asked FCEB agencies to patch 15 other vulnerabilities tagged as being under active exploitation, with CVE-2021-36934 — a Microsoft Windows SAM (Security Accounts Manager) bug allowing privilege escalation and credential theft — having a February 24th patch deadline.

Third zero-day patched by Apple this year

The CVE-2022-22620 is the third zero-day Apple has patched since the start of 2022 and is a WebKit Use After Free issue exploitable for OS crashes and code execution on vulnerable devices.

Advertisement. Scroll to continue reading.

Successful exploitation enables attackers to execute arbitrary code on iPhones, iPads, and Macs after opening maliciously crafted web pages using Safari.

“In particular, all browsers for iOS and iPadOS are based on this open source engine — that is, not only iPhone’s default Safari, but also Google Chrome, Mozilla Firefox and any others,” Kaspersky said today. “So even if you do not use Safari, this vulnerability still affects you directly.”

“Apple is aware of a report that this issue may have been actively exploited,” the company added when describing the zero-day.

Apple has addressed the vulnerability with improved memory management in iOS 15.3.1, iPadOS 15.3.1, and macOS Monterey 12.2.1.

The complete list of impacted devices is quite extensive, and it includes iPhone 6s and later, multiple iPad models, and Macs running macOS Monterey.

Even though this flaw was likely only used in a small number of targeted attacks, it’s still highly recommended to install the updates as soon as possible to block potential attack attempts, just as CISA urged earlier today.

In January, Apple also patched two other actively exploited zero-days that can let attackers track browsing activity and users’ identities in real-time (CVE-2022-22594) and gain arbitrary code execution with kernel privileges (CVE-2022-22587).



Source link

Advertisement. Scroll to continue reading.
Click to comment

Leave a Reply

Latest

Online Business Success

Susan Naftulin is President and Co-Founder of Rehab Financial Group, LP a private money lender in the Philadelphia area. getty It’s a common story:...

Loan And Finance

Business & FinanceDeals 05 May 2022, 11:16 am. 1 minute Reuters exclusively reported Canada’s Brookfield Asset Management is working with banks to sell its...

Technology

German carmaker Audi has today announced it is integrating Apple Music into its infotainment system directly to “nearly all” of its models. The company...

Online Business Success

ISLAMABAD: Information Minister Marriyum Aurangzeb announced Thursday the federal government has devised an economic plan in a bid to take the country out of...

Loan And Finance

Authored by Pool Re Our new cyber terrorism series explores how terrorist organisations are harnessing the Internet to radicalise and train potential recruits, disseminate...

Loan And Finance

Business & FinanceDealsEnergyGovernmentPolitics 09 May 2022, 3:12 pm. 1 minute Reuters reported exclusively that the Canadian government is in discussion with the companies behind...

Advertisement

You May Also Like

Uncategorized

Introductions get a lot of attention. I’ve explored the topic of how to write them even though as a reader, I always skip them....

SEO Guide

There are all kinds of pictures of the world on the internet, but to find one of these specific pictures that you want to...

Online Business Success

The internet is now our nervous system. We are constantly streaming and buying and watching and liking, our brains locked into the global information...

Online Business Success

You can think of link building in many ways. I like to call it tedious, painful, and a test of patience. It’s also necessary...

Advertisement