
Apple Users! New Vulnerabilities Being Exploited
In today’s digital age, where our lives are intertwined with technology, safeguarding our digital presence has become paramount. We’re here to raise the alarm regarding critical security vulnerabilities that have emerged within Apple products, vulnerabilities that are actively being exploited. Your devices and security are at stake, and it’s our responsibility to keep you informed and protected.
On September 7, 2023, Apple released emergency security updates addressing two vulnerabilities:
- CVE-2023-41064: A Buffer Overflow vulnerability affecting macOS, iOS, and iPadOS, which can be exploited by processing a maliciously crafted image, leading to arbitrary code execution.
- CVE-2023-41061: A Validation Issue vulnerability affecting watchOS, iOS, and iPadOS, where a maliciously crafted attachment may result in arbitrary code execution.
These vulnerabilities have been observed in use by a zero-click exploit chain known as BLASTPASS, designed to deploy Pegasus spyware. Pegasus is a potent tool used by the NSO Group, an Israel-based organization known for supplying spyware to foreign governments targeting government officials, journalists, embassy workers, and other sectors.
Our Recommendations:
If your Apple device is currently under TSI’s management, we will be updating your iOS as part of your managed services agreement.
If your device is not under our management, please let us know if you would like our assistance applying these updates. If you would like to apply these changes yourself, we strongly recommend taking the following actions immediately:
- Upgrade Apple Products: Upgrade your affected devices to the latest secure versions.
  - For macOS: Upgrade to macOS Ventura 13.5.2 via System Settings > Software Update.
  - For iPhone and iPad devices: Update to iOS 16.6.1 and iPadOS 16.6.1 by going to Settings > General > Software Update.
- Enable Lockdown Mode: Citizen Lab advises at-risk users to enable Lockdown Mode; Apple’s Security Engineering and Architecture team has confirmed that it blocks this particular attack.
- Maintain Regimented Patching/Updating Routine: Please work with your team to ensure that all users leave their machines running in preparation for your pre-scheduled patching and update windows, to minimize operational impact while addressing these critical vulnerabilities. You are only as strong as your weakest link!
- Enroll your Apple Device to TSI Management: If you use a personal device (e.g., smartphone, tablet, smart watch) with email and/or access to your organization’s network, we highly recommend enrolling your device under TSI’s management. TSI can provide the assurance that your personal and professional data is safeguarded against similar threats and help minimize the threat vector that unmanaged devices present.
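For teams checking many devices at once, the following is an added example (not TSI's or Apple's tooling) that audits a device inventory against the fixed versions listed above. The CSV layout, device names and status labels are assumptions made for illustration, and the sample inventory is constructed.

```python
import csv
import io

# Minimum fixed versions exactly as listed in the recommendations above.
FIXED = {"macOS": (13, 5, 2), "iOS": (16, 6, 1), "iPadOS": (16, 6, 1)}

# Constructed sample inventory (hypothetical MDM export format).
SAMPLE_CSV = """device,platform,os_version
mac-01,macOS,13.5.2
mac-02,macOS,13.4
mac-03,macOS,12.6.8
iphone-01,iOS,16.6
iphone-02,iOS,16.6.1
ipad-01,iPadOS,16.5.1
watch-01,watchOS,9.6.1
iphone-03,iOS,sixteen
"""

def parse_version(text):
    """Turn '16.6' into (16, 6, 0); return None if it is not dotted digits."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(platform, version_text):
    """Return 'patched', 'needs_update' or 'review' for one device."""
    fixed = FIXED.get(platform)
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "review"  # no fixed version listed above (e.g. watchOS), or bad data
    if version[0] < fixed[0]:
        return "review"  # older major release: no fixed version is listed for it
    # Assumption: releases numbered at or above the fixed version include the fix.
    return "patched" if version >= fixed else "needs_update"

def audit(csv_text):
    """Map each device name in the CSV to its status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device"]: classify(r["platform"], r["os_version"]) for r in rows}

if __name__ == "__main__":
    for device, status in audit(SAMPLE_CSV).items():
        print(f"{device:10} {status}")
```

Devices reported as `review` need a manual check against Apple's security release notes, since this notice names fixed versions only for macOS Ventura, iOS and iPadOS.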
Conclusion
In a world where digital threats constantly evolve, our commitment to your security remains unwavering. Take these recommendations to heart, and together, we’ll fortify your defenses against the ever-present dangers of the digital landscape. Stay safe, stay secure, and let’s navigate this challenging terrain together.
As always, your security is our top priority. We are always here to address your questions as your dedicated IT support and cybersecurity partner. Stay vigilant, and if you have any questions or concerns, please reach out to your Account Manager. Thank you in advance for your attention to this matter and have a great start to the week.
