REGULATORY · COMPETITIVE · USA

CISA mandates patches for three iOS flaws

Ars Technica
Change
CISA added three iOS vulnerabilities to its catalog of known exploited vulnerabilities, requiring federal agencies under its authority to patch them.
CISA mandates patches for three iOS flaws
Why it matters
CISA added three iOS vulnerabilities to its catalog of known exploited vulnerabilities on Friday. The vulnerabilities were exploited over a 10-month span in hacking campaigns conducted by three distinct groups, as described in a Google report published Thursday. The campaigns used Coruna, an exploit kit that combined 23 iOS exploits into five exploit chains. CISA’s catalog entry requires federal agencies under CISA’s authority to patch the listed vulnerabilities.
Implications
  • iOS device fleets in covered federal agencies must be updated to versions that include fixes for the three listed vulnerabilities.
  • Federal vulnerability remediation tracking must include these three iOS items as required patch actions.
Who is affected
  • Federal civilian agency IT/security teams managing iOS devices
  • Mobile device management (MDM) administrators in federal agencies
Source

Ars Technica

Topics

Law & Public Safety Regulatory Actions Compliance Technology & Innovation Cybersecurity

Decision-grade intelligence

Be prepared — without the noise

Calm, decision-grade intelligence that flags material changes before they become social knowledge—so you can update assumptions, not chase headlines.

Delivered by email. Pro members get real-time access and the full archive.

Start free trial Sign in

No cadence. Only material change.