The US government is having to patch a whole lot of iPhones

Government workers have only a few weeks to patch their Apple devices

All Federal Civilian Executive Branch Agencies (FCEB) have until June 12 this year to patch a whole lot of Apple-made devices and thus protect their employees and systems from vulnerabilities allegedly being exploited in the wild.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued a new order, telling FCEB organizations to secure their endpoints against three known vulnerabilities: CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said in a statement.

WebKit woes

Apple recently published a security advisory detailing the discovery of three flaws in its WebKit browser engine. WebKit is Apple’s browser engine best known for being the underlying technology in the Safari web browser, as well as being used in all web browsers on iOS and iPadOS. As such, WebKit is an attractive target for threat actors looking for vulnerabilities that can be used to grant access to the target endpoint.

One is a sandbox escape flaw, one an out-of-bounds read flaw that allows threat actors unabated access to sensitive information, and one a use-after-free vulnerability allowing for arbitrary code execution. All three were fixed with improved bounds checks, input validation, and memory management.

Here’s the full list of affected endpoints:

To secure their devices, the FCEBs should update them to macOS Ventura 13.4, iOS and iPadOS 16.5, tvOS 16.5, watchOS 9.5, and Safari 16.5.

While Apple did not say who was exploiting these flaws and to what end, BleepingComputer says given they were discovered by Google’s Threat Analysis Group and Amnesty International’s Security Lab, they were most likely used by state-sponsored threat actors.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
