It used to be the joke of Apple device owners that viruses are a “Windows thing” and that they have nothing to do with that. As the adoption of Macs and iDevices is increasing across the board — among consumers as well as enterprises — they are becoming a lucrative target for hackers. So yes, today we also have malware for Apple-made devices…
New iOS vulnerabilities
On August 17 – Apple announced that it had discovered two zero-day vulnerabilities for iOS 15.6.1 and iPadOS 15.6.1 — whilst most users thought they were bulletproof. The first of the two vulnerabilities would enable an application to execute arbitrary code with kernel privileges, while the second would mean that processing maliciously crafted web content may lead to arbitrary code execution.
To make things worse, Apple said that both vulnerabilities are being “actively exploited,” allowing an attacker to break into an enterprise network potentially.
“A compromised personal device could result in initial access to the corporate environment. Defenders should push patches out immediately and send notifications that employees should be patching any personal iPhones, iPads, or Macs,” said Rick Holland, Chief Information Security Officer (CISO) at digital risk protection provider Digital Shadows.
The blurry line
It used to be that people used company-provided devices for business purposes and personal devices for everything else. That is no longer the case, with 39% of workers using personal devices to access corporate data — putting enterprises and their (potentially sensitive) data at risk.
As a result, even organizations that don’t use Apple devices on-site can’t guarantee they’re protected against these vulnerabilities.
So, you may wonder what could be done to prevent these and other vulnerabilities from being exploited by hackers.
Patching and updating
In response to the new Apple vulnerabilities, CISOs and security leaders will have to verify that all personal devices have the necessary patches. Failure to do so could leave an entry point open for an attacker to exploit.
Security experts suggest that the most effective way to tackle the risk of these new vulnerabilities is not only by using mobile device management (MDM) solutions to help push updates to connected devices remotely but also to put more focus on educating employees on the risks of failing to patch personal devices.
“These updates present a security awareness opportunity to discuss the risks to employees’ lives and provide patching instructions, including how to enable automatic updates,” Holland concluded.
…
We are always saying that you should keep all your devices up to date. These would include having all your apps updated, as well as your phones, tablets, computers, and even your router. Paired with an antivirus and a good VPN, you get a solid foundation to keep your data secure. It is just the world we live in, and we need all the tools we can get to stay safe…