Two zero-day vulnerabilities have been discovered in Apple products in the last few days. As a leading Managed Services Provider, Stronghold Data takes all threats seriously, and we have been closely monitoring the situation. Here are a few things that Apple users need to know about these vulnerabilities.
Who is affected?
Three groups of Apple products are known to be affected by these zero-day vulnerabilities. They include:
- Macs running macOS Monterey versions prior to 12.5.1.
- iPhone models 6S and later, running iOS versions prior to 15.6.1.
- All iPad Pro models, iPad Air 2 (and later), iPad 5th gen (and later), iPad Mini 4 (and later), and iPod touch (7th Gen) that are running iOS versions prior to 15.6.1.
If you are using an Apple product that matches any of these criteria, you could be vulnerable.
What can these vulnerabilities do?
In a nutshell, the first of these two vulnerabilities, known as CVE-2022-32893, could allow a cybercriminal to implant malware onto your device if you view certain (booby-trapped) webpages.
If malware is implanted onto your device through the first vulnerability, the cybercriminal could then leverage the second vulnerability, known as CVE-2022-32894, to escalate their privileges on your device. This could grant them access to everything from a single app to your entire operating system, including admin access that is typically reserved for Apple itself.
If an attacker were to take advantage of these vulnerabilities, they would likely be able to do some or all of the following:
- Spy on any and all apps currently running
- Download and start additional apps without going through the App Store
- Access almost all data on the device
- Change system security settings
- Retrieve your location
- Take screenshots
- Use the cameras in the device
- Activate the microphone
- Copy text messages
- Track your browsing
What can be done to protect against these vulnerabilities?
If you use any of the above-mentioned devices and/or operating systems, it’s vital that you update all of your systems immediately. Apple has released security updates in recent days to address these vulnerabilities. If you haven’t updated your Mac, iPhone, or iPad recently, updating in the next 48 hours or as soon as possible is crucial, especially since these vulnerabilities have been shown to be exploited in the wild. You can learn more about these vulnerabilities and Apple’s security updates here.
How MSPs can help protect against future vulnerabilities.
Businesses that do not use a Managed Services Provider can often find themselves in difficult or stressful situations when zero-day vulnerabilities like these become known. Using an MSP, like Stronghold Data, to manage all of your business IT and security services can give peace of mind and greatly decrease your risk of attack. Contact us to learn more.