Skip to main content

Federal agencies ordered to apply Apple security patches by November 17

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive, requiring federal agencies to apply 24 Apple security patches.

The deadline for some of these is November 17, less than two weeks from now.

The directive is mandatory for federal agencies, and is recommended to all organizations. The Record notes that Apple is one of a number of companies whose patches must be applied.

The US Cybersecurity and Infrastructure Security Agency has established today a public catalog of vulnerabilities known to be exploited in the wild and has issued a binding operational directive ordering US federal agencies to patch affected systems within specific timeframes and deadlines.

The catalog – available online here – currently lists 306 vulnerabilities, with some as old as 2010, that are still being exploited in the wild.

This includes vulnerabilities for products from Cisco, Google, Microsoft, Apple, Oracle, Adobe, Atlassian, IBM, and many other companies, small and large alike.

For the vulnerabilities disclosed this year (with a CVE code of CVE-2021-*), CISA has ordered US federal civilian agencies to apply patches by November 17, 2021.

For older vulnerabilities, agencies have to patch systems by May 3, 2022.

“These vulnerabilities pose significant risk to agencies and the federal enterprise. It is essential to aggressively remediate known exploited vulnerabilities to protect federal information systems and reduce cyber incidents,” CISA said in a binding operational directive today.

The directive says that “it is essential to aggressively remediate known exploited vulnerabilities.”

The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy. The federal government must improve its efforts to protect against these campaigns by ensuring the security of information technology assets across the federal enterprise.

Vulnerabilities that have previously been used to exploit public and private organizations are a frequent attack vector for malicious cyber actors of all types. These vulnerabilities pose significant risk to agencies and the federal enterprise. It is essential to aggressively remediate known exploited vulnerabilities to protect federal information systems and reduce cyber incidents.

CISA Director Jen Easterly says that federal agencies are being targeted on a daily basis.

Every day, our adversaries are using known vulnerabilities to target federal agencies. As the operational lead for federal cybersecurity, we are using our directive authority to drive cybersecurity efforts toward mitigation of those specific vulnerabilities that we know to be actively used by malicious cyber actors.

You can see the full list of vulnerabilities here.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications