CISA orders federal agencies to update iPhones, Macs until Feb 25th



The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new flaw to its catalog of vulnerabilities exploited in the wild, an Apple WebKit remote code execution bug used to target iPhones, iPads, and Macs.


According to the binding operational directive (BOD 22-01) issued by CISA in November, federal agencies are now required to patch their systems against this actively exploited vulnerability impacting iOS, iPadOS, and macOS devices.


CISA said that all Federal Civilian Executive Branch (FCEB) agencies have to patch the vulnerability, tracked as CVE-2022-22620 [1, 2], by February 25th, 2022.


"These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise," the cybersecurity agency said.


"Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice."


Yesterday, CISA also asked FCEB agencies to patch 15 other vulnerabilities tagged as being under active exploitation, with CVE-2021-36934 — a Microsoft Windows SAM (Security Accounts Manager) bug allowing privilege escalation and credential theft — having a February 24th patch deadline.


Third zero-day patched by Apple this year


The CVE-2022-22620 is the third ze ..
