CISA orders govt agencies to patch iPhone bugs exploited in attacks

22-May-23

Federal organisations must now fix three recently fixed zero-day vulnerabilities affecting iPhones, Macs, and iPads that are known to be used in attacks, according to a directive from the U.S. Cybersecurity & Infrastructure Security Agency (CISA). The three security flaws, all discovered in the WebKit browser engine, are catalogued as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373.

Once successfully exploited, they give attackers access to sensitive data on the compromised device, the ability to enter the browser sandbox, and arbitrary code execution.With better bounds checks, input validation, and memory management, the three zero-days were fixed in macOS Ventura 13.4, iOS and iPadOS 16.5, tvOS 16.5, watchOS 9.5, and Safari 16.5 releases.

Read More…