Apple Releases Security Updates for Multiple Products

05/17/2022 12:00 PM EDT

Original release date: May 17, 2022

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Note: Apple notes they are aware of a report that states CVE-2022-22675 may have been actively exploited. CVE-2022-22675 affects watchOS, tvOS, and macOS Big Sur.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Updates

04/01/2022 02:48 PM EDT

Original release date: April 1, 2022

Apple has released security updates to address vulnerabilities—CVE-2022-22674 and CVE-2022-22675—in multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected device. These vulnerabilities have been detected in exploits in the wild.

CISA encourages users and administrators to review the security update page for the following products and apply the necessary updates as soon as possible:

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Updates for Multiple Products

03/16/2022 07:37 AM EDT

Original release date: March 16, 2022

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the Apple security page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Updates for Multiple Products

02/11/2022 06:44 AM EST

Original release date: February 11, 2022

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Some of these vulnerabilities have been detected in exploits in the wild.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Adds 15 Known Exploited Vulnerabilities to Catalog

02/10/2022 08:16 AM EST

Original release date: February 10, 2022

CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

CVE Number CVE Title Remediation Due Date

CVE-2021-36934

Microsoft Windows SAM Local Privilege Escalation Vulnerability

2/24/2022

CVE-2020-0796

Microsoft SMBv3 Remote Code Execution Vulnerability

8/10/2022

CVE-2018-1000861

Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability

8/10/2022

CVE-2017-9791

Apache Struts 1 Improper Input Validation Vulnerability

8/10/2022

CVE-2017-8464

Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability

8/10/2022

CVE-2017-10271

Oracle Corporation WebLogic Server Remote Code Execution Vulnerability

8/10/2022

CVE-2017-0263

Microsoft Win32k Privilege Escalation Vulnerability

8/10/2022

CVE-2017-0262

Microsoft Office Remote Code Execution Vulnerability

8/10/2022

CVE-2017-0145

Microsoft SMBv1 Remote Code Execution Vulnerability

8/10/2022

CVE-2017-0144

Microsoft SMBv1 Remote Code Execution Vulnerability

8/10/2022

CVE-2016-3088 

Apache ActiveMQ Improper Input Validation Vulnerability

8/10/2022

CVE-2015-2051

D-Link DIR-645 Router Remote Code Execution

8/10/2022

CVE-2015-1635

Microsoft HTTP.sys Remote Code Execution Vulnerability

8/10/2022

CVE-2015-1130

Apple OS X Authentication Bypass Vulnerability

8/10/2022

CVE-2014-4404

Apple OS X Heap-Based Buffer Overflow Vulnerability

8/10/2022

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Updates for Multiple Products

01/27/2022 01:40 PM EST

Original release date: January 27, 2022

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Updates for iOS and iPadOS

01/13/2022 11:14 AM EST

Original release date: January 13, 2022

Apple has released security updates to address a vulnerability affecting iOS 15.2.1 and iPadOS 15.2.1. An attacker could exploit this vulnerability to cause a denial-of-service condition. 

CISA encourages users and administrators to review the Apple security page for iOS 15.2.1 and iPadOS 15.2.1 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Updates for Multiple Products

12/14/2021 08:39 AM EST

Original release date: December 14, 2021

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Update for iCloud for Windows 13

11/11/2021 10:19 AM EST

Original release date: November 11, 2021

Apple has released a security update to address multiple vulnerabilities in iCloud for Windows 13. An attacker could exploit these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review the Apple security page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Updates for Multiple Products

10/27/2021 11:10 AM EDT

Original release date: October 27, 2021

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.