Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Top News
Top News

CISA warns of active attacks targeting iOS devices, urgent patching required

Older iPhones Get Emergency Patch to Protect Against Spyware Attack

The Cybersecurity and Infrastructure Security Agency (CISA), known as America's cyber defense agency, has recently issued a warning about active attacks targeting iOS devices, including iPhones. This is a significant concern as CISA is an official website of the U.S. government and is responsible for protecting the nation's critical infrastructure.

The warning specifically addresses a high-rated vulnerability, known as CVE-2022-48618, which affects devices running certain versions of iOS, iPadOS, macOS, tvOS, and watchOS. This vulnerability allows malicious actors to bypass pointer authentication, posing significant risks to federal agencies and other organizations.

CISA's warning extends beyond just the Federal Civilian Executive Branch (FCEB) agencies. In fact, CISA strongly urges all organizations to take immediate action to address this security flaw. FCEB agencies have been given a strict deadline of 21 days to patch against CVE-2022-48618 and protect their networks from these active threats.

It's worth noting that this vulnerability is not new and has been exploited since at least December 2022. However, it was publicly disclosed on January 9, drawing attention to the issue. The vulnerability exists in versions of iOS prior to 15.7.1 and was patched in version 16.2 of iOS, iPadOS, and tvOS. Additionally, it was addressed in macOS Venture 13.1 and watchOS 9.2.

By adding CVE-2022-48618 to the Known Exploited Vulnerabilities catalog, CISA emphasizes the seriousness of leaving devices unpatched, not only for federal agencies but also for organizations outside the federal sphere. Binding Operational Directive 22-01 mandates that agencies remediate identified vulnerabilities by the specified due date if they have been added to the Known Exploited Vulnerabilities list.

This warning from CISA serves as a critical reminder of the ongoing threats to cybersecurity. It highlights the importance of promptly updating devices and software to protect against vulnerabilities that could be exploited by malicious actors. Organizations must prioritize cybersecurity measures to safeguard their systems, data, and crucial infrastructures.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.