The US government is having to patch a whole lot of iPhones

Sead Fadilpašić

May 23, 2023 at 8:15 AM·2 min read

Apple logo on the side of a building

All Federal Civilian Executive Branch Agencies (FCEB) have until June 12 this year to patch a whole lot of Apple-made devices and thus protect their employees and systems from vulnerabilities allegedly being exploited in the wild.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued a new order, telling FCEB organizations to secure their endpoints against three known vulnerabilities: CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373.

"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA said in a statement.

WebKit woes

Apple recently published a security advisory detailing the discovery of three flaws in its WebKit browser engine. WebKit is Apple’s browser engine best known for being the underlying technology in the Safari web browser, as well as being used in all web browsers on iOS and iPadOS. As such, WebKit is an attractive target for threat actors looking for vulnerabilities that can be used to grant access to the target endpoint.

One is a sandbox escape flaw, one an out-of-bounds read flaw that allows threat actors unabated access to sensitive information, and one a use-after-free vulnerability allowing for arbitrary code execution. All three were fixed with improved bounds checks, input validation, and memory management.

> This brute-force fingerprint attack could break into your Android phone

> Apple just patched a pair of dangerous iOS and macOS security issues, so update now

> Here's our list of the best ID theft protection tools around

Here’s the full list of affected endpoints:

iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), iPod touch (7th generation), and iPhone 8 and later
iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Macs running macOS Big Sur, Monterey, and Ventura
Apple Watch Series 4 and later
Apple TV 4K (all models) and Apple TV HD

To secure their devices, the FCEBs should update them to macOS Ventura 13.4, iOS and iPadOS 16.5, tvOS 16.5, watchOS 9.5, and Safari 16.5.

While Apple did not say who was exploiting these flaws and to what end, BleepingComputer says given they were discovered by Google's Threat Analysis Group and Amnesty International's Security Lab, they were most likely used by state-sponsored threat actors.

Stay protected online with these best endpoint security software

Via: BleepingComputer

Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Sports
Phil Mickelson on the majors: 'What if none of the LIV players played?'
Phil Mickelson hints that big changes could be coming to LIV Golf's rosters, and the majors will need to pay attention.
Yahoo Sports
Bulls' Lonzo Ball picks up $21.4 million option for 2024-25 season amid knee concerns
Ball hasn't played since the 2021-22 season.
Yahoo Sports
No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it
The quality was choppy, but it was better than what the WNBA had.
Yahoo Sports
Kyle Larson beats Chris Buescher at Kansas in closest finish in NASCAR history
Larson won by 0.001 seconds.
Yahoo Sports
New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal
It turns out the money was going from Ohtani's bank account to an illegal bookie to ... casinos.
Yahoo Sports
NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?
Which teams did the best in the NFL Draft?
Yahoo Sports
2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick
Yahoo Sports' Charles McDonald breaks down the Broncos' 2024 draft.
Yahoo Sports
Monday Leaderboard: Brooks Koepka is ready to slow the Scottie Scheffler train
A dominant LIV win and a heartbreaking PGA Tour loss headline this week's top golf stories
Yahoo Sports
Anthony Edwards' arrival should have the Nuggets — and the entire league — on high alert
The Timberwolves' rising superstar led Minnesota to a Game 1 victory over Denver, then reminded the world that he's 22, not 23 ... yet.
Yahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.
Yahoo Sports
The Scorecard: Andy Pages looks set to go down as one of the fantasy baseball waiver wire pickups of 2024
Fantasy baseball analyst Dalton Del Don delivers his latest batch of hot takes as we enter Week 6 of the season.
Autoblog
Why did Musk ax the Supercharger team?
Elon Musk’s decision to dismiss much of Tesla’s Supercharger team this week came as a shock. A look at possible reasons why he did it.
Yahoo Finance
CVS stock plunges after earnings numbers one analyst 'did not even believe'
CVS warns it could cede Medicare Advantage market share as reimbursement rates pressure the company.
Yahoo Sports
Kentucky Derby: Mystik Dan wins in three-horse photo finish, outruns favorite Fierceness in stunning upset
The 150th Kentucky Derby produced yet another magnificent two-minute spectacle.
Yahoo Sports
Lionel Messi smashes MLS and personal records with goal, 5 assists in a single half
Messi needed just 33 minutes to do things that no MLS player had ever done in a full game, and that Messi had never done in his career.
Yahoo Sports
UFC 301: Anthony Smith confronts career reality after reconciling with the man who knocked out his teeth
After 56 pro fights and losses in three of his last four, the UFC veteran knows what fans think about the state of his career – but he also knows they've been wrong before.
Yahoo Sports
Ex-Florida State QB and 1999 Fiesta Bowl starter Marcus Outzen dies at 46
The Seminoles lost 23-16 to Tennessee in the first-ever BCS title game.
Autoblog
Edmunds bought a Fisker Ocean, warns others not to make the same mistake
Edmunds bought a Fisker Ocean and details the highs and lows of ownership while warning others not to make the same mistake.

News

Life

Entertainment

Finance

Sports

New on Yahoo

The US government is having to patch a whole lot of iPhones

WebKit woes

Recommended Stories

Former NBA guard Darius Morris dies at 33

The FDIC change that leaves wealthy bank depositors with less protection

Phil Mickelson on the majors: 'What if none of the LIV players played?'

Bulls' Lonzo Ball picks up $21.4 million option for 2024-25 season amid knee concerns

No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it

Kyle Larson beats Chris Buescher at Kansas in closest finish in NASCAR history

New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

Monday Leaderboard: Brooks Koepka is ready to slow the Scottie Scheffler train

Anthony Edwards' arrival should have the Nuggets — and the entire league — on high alert

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

The Scorecard: Andy Pages looks set to go down as one of the fantasy baseball waiver wire pickups of 2024

Why did Musk ax the Supercharger team?

CVS stock plunges after earnings numbers one analyst 'did not even believe'

Kentucky Derby: Mystik Dan wins in three-horse photo finish, outruns favorite Fierceness in stunning upset

Lionel Messi smashes MLS and personal records with goal, 5 assists in a single half

UFC 301: Anthony Smith confronts career reality after reconciling with the man who knocked out his teeth

Ex-Florida State QB and 1999 Fiesta Bowl starter Marcus Outzen dies at 46

Edmunds bought a Fisker Ocean, warns others not to make the same mistake