The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert, adding critical security vulnerabilities affecting Apple and TP-Link products to its Known Exploited Vulnerabilities (KEV) catalog. This move signals that these flaws are not theoretical risks but are being actively exploited by malicious actors in real-world attacks.
For Apple users, two specific memory corruption vulnerabilities, tracked as CVE-2024-23225 and CVE-2024-23296, have been added. These affect multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, and watchOS. Reports indicate these vulnerabilities were part of a zero-click exploit chain, meaning attackers could potentially compromise devices without any interaction from the user, highlighting the severe risk posed to iPhones, iPads, Macs, and other affected devices.
Separately, a command injection vulnerability in TP-Link Archer series routers, identified as CVE-2023-1389, has also been included in the KEV catalog. This flaw could allow attackers to execute arbitrary commands on vulnerable routers, potentially giving them control over a user’s network traffic or access to internal networks.
CISA requires federal civilian executive branch agencies to immediately patch their systems against vulnerabilities listed in the KEV catalog within specific, short deadlines (typically 15 or 30 days). The inclusion of these Apple and TP-Link vulnerabilities means agencies must apply the necessary updates with utmost urgency.
However, the threat is not limited to government agencies. Since these vulnerabilities are under active exploitation, all individuals and organizations using affected Apple devices and TP-Link routers should treat this as a critical call to action. Applying the latest security updates provided by Apple and TP-Link is the single most important step to protect against these dangerous, actively used exploits. Failure to patch leaves systems highly vulnerable to compromise. This update from CISA underscores the absolute necessity of prompt and consistent patching to defend against current and emerging cyber threats.
Source: https://securityaffairs.com/179086/security/u-s-cisa-adds-apple-products-and-tp-link-routers-flaws-to-its-known-exploited-vulnerabilities-catalog.html
