The US Cybersecurity and Infrastructure Security Agency (CISA) has added two security issues to its Known Exploited Vulnerabilities (KEV) catalog: a privilege escalation issue in Microsoft Windows, and a remote code execution vulnerability in iOS, iPadOS, and macOS. Microsoft released a fix for the vulnerability on Tuesday, September 13. Apple patched the RCE flaw on Monday, September 12. Federal agencies are required to apply fixes by October 5.
Note
- Note there are three Linux kernel flaws listed as well, but you have until October 6th to fix them. Don’t overlook Linux in your monthly patch cycle.