A critical vulnerability in Apple’s iOS, macOS and watchOS software has been identified and patched in the latest security update. This is a severe security flaw, and we urge all Apple users to check for and apply software patches immediately.
Apple addressed three zero-day bugs affecting iOS, macOS and watchOS in its recent, unexpected security updates, which were rolled out last week.
It appears that the vulnerabilities reside in WebKit, the browser engine that runs Safari and is used by the App Store, the Apple Mail client and other apps on macOS and iOS.
The vulnerability, tracked as ‘CVE-2021-30657’, allows cybercriminals to craft a payload that could bypass ‘Gatekeeper’, the security feature in macOS that enforces code signing and verifies downloaded applications to help keep malware off Mac devices.
“This payload can be used in phishing and all the victim has to do is double click to open the .dmg and double-click the fake app inside of the .dmg — no pop-ups or warnings from macOS are generated,” said Cedric Owens, who discovered the security loophole before reporting it to Apple.
What Is a Zero-Day Bug?
A zero-day is a security flaw that the vendor of the flawed system has not patched. It is essentially a hole that hackers have found and that hasn’t been patched up yet, which is what makes zero-day vulnerabilities so risky and why it is so important to keep your security patches up to date.
What Can You Do?
The list of impacted devices includes iPhone 6s and later, all versions of the iPad Pro, iPad Air 2 and later, the 5th generation iPad and later, iPad mini 4 and later, and the 7th generation of iPod touch. Apple also issued security updates to address the same issue plaguing Apple Watch products (watchOS 7.4) and Apple TVs (tvOS 14.5).
Check your devices for updates and install any that are available now. Check both in your settings and in the App Store.
If the security vulnerability isn’t enough to get you to patch your devices, and you haven’t updated them for a while, you’re also missing out on the new emojis, including skin tone options for some existing popular emojis and new inclusive emojis. The rock climbing emojis now feature a helmet (#safetyfirst), the headphones now look like the AirPods Max and the syringe emoji is more generic.
Cybersecurity is talked about a lot today, and for good reason. It can be really easy to fall victim to a cyberattack, and it’s not just big companies that are targeted. Your best defence is education and awareness, with technology as your backup: knowing how to identify something malicious is the best way to keep you and your business safe online.
Our cybersecurity team across Melbourne, Sydney and Brisbane can help you assess whether you have the right measures in place and what else you can do to stay safe online. Get in touch to learn more.