The United States Cybersecurity and Infrastructure Security Agency (CISA) has added three Apple operating system flaws to its Known Exploited Vulnerabilities Catalogue, urging federal agencies to patch them due to significant risk.
The vulnerabilities, including those affecting Apple's web content rendering engine, are common targets for cyber attacks, according to CISA.
Apple issued patches for the flaws last week, with two of them being addressed through the Rapid Security Response system for urgent updates.
The affected Apple software includes the Safari web browser, watchOS, tvOS, iOS, iPadOS, and macOS.
The three vulnerabilities allow attackers to escape the browser sandbox, access sensitive information, and execute arbitrary code on compromised devices.
The flaws were likely exploited in state-backed spyware attacks, as they were reported by researchers from Google's Threat Analysis Group and Amnesty International's Security Lab.
Under a binding operational directive, federal agencies must deploy the patches on or before June 12, 2023, and private companies are advised to prioritize fixing the vulnerabilities as well.