On Tuesday, September 14, Apple announced its latest generation of products along with the major release of iOS 15.
Unfortunately, this coincided with an earlier announcement of an emergency software update due to a critical software vulnerability discovered within a series of Apple products. This vulnerability was identified by researchers at Citizen Lab, who found a flaw capable of allowing attackers to install invasive spyware on affected devices without the interaction of the owner.
What Makes This Apple Emergency Software Update Unique?
The spyware, currently named Pegasus by researchers, has the potential to eavesdrop or steal data from Apple devices. Its design uses a novel method to invisibly infect vulnerable software without the victim’s knowledge. Known as a “zero click remote exploit,” this method allows adversaries and threat actors to secretly access an owner’s device without tipping off the victim.
The following products should be updated to the corresponding versions with the emergency release immediately:
| Products | Vulnerabilities |
| macOS Big Sur 11.6 | CVE-2021-20860, CVE-2021-30858 |
| macOS Catalina | CVE-2021-20860 |
| watchOS 7.6.2 | CVE-2021-20860 |
| iOS 14.8 & ipadOS 14.8 | CVE-2021-20860, CVE-2021-30858 |
| Safari 14.1.2 | CVE-2021-30858 |
CVE-2021-30858 – This issue is fixed in iOS 14.8, iPadOS 14.8, macOS Big Sur 11.6 and Safari 14.1.2. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-20860 – This issue is fixed in iOS 14.8, iPadOS 14.8, macOS Big Sur 11.6, macOS Catalina and watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution.
Why Should the Corporate World Care About Apple Emergency Software?
Although it may look like the Apple emergency software updates are mainly affecting consumers, the corporate world should be mindful of this potential risk.
Many organizations, whether they use personal devices for two-factor authentication or allow bring-your-own-device (BYOD) practices within their environments, are in danger of a potential data breach or falling victim to a ransomware attack.
In recent years BYOD has become an increasingly attractive option for employees who want the freedom to work remotely. Coinciding with this, it has also expanded the attack surface for malicious attackers who are eager to exploit vulnerabilities. That is why it is important to establish sets of strong BYOD security policies and procedures within the organization.
The key components of a successful BYOD policy:
1. Decide whether BYOD is right for your organization
2. Define corporate-approved devices and software.
3. Define ownership of data by keeping corporate data separate from individual data.
4. Define security rules that cover both the device and the data within it.
5. Test security frequently, then revise and upgrade as threats and risks evolve.
6. Clearly communicate security rules, processes, and expectations to all employees.
7. Create a support structure for application troubleshooting and maintenance.
8. Develop a decommissioning approach for when an employee upgrades their device or leaves the company entirely.
According to The 2020 Arctic Wolf Security Operations Report and Cyber Risk Spotlight Report:
- On average, it takes 7.72 average days for hackers to exploit a vulnerability
- It takes an average of 120 days to patch a vulnerability. Common vulnerability and exposure (CVE) patch time has increased by 40 days. This is due to a combination of higher CVE volumes, more critical CVEs, and the emergence of a remote workforce, which—taken together—has significantly slowed down the patching programs of some organizations.
- Ransomware causes an average of 9.6 days of downtime, with an average ransom payment of $36,295.
These data points tell us that even the most sophisticated organizations are still vulnerable to attacks, especially through sophisticated exploits like Pegasus.
Getting Ahead of Top Cyberthreats
Managing your own environment is difficult work. When you combine this fact with limited resources, visibility, and the overwhelming tasks of setting up new cyber strategies, then the challenges of keeping up with the latest vulnerabilities and patching critical vulnerabilities in a timely manner are often too much for many information technology (IT) and security professionals to resolve.
Defending against modern security breaches is a matter of having the right people, processes, and tools in place. Unfortunately, many organizations continue to struggle with at least one, if not all, of those components.
Arctic Wolf combines the best of technology and human intelligence to help our customers stay ahead of threats. Leveraging our holistic visibility, and sophisticated data ingestion models, Arctic Wolf® Managed Detection and Response (MDR) is designed to detect threats and quickly contain them before they evolve into full-scale breaches.
Built on the industry’s only cloud-native platform to deliver security operations as a concierge service, Arctic Wolf® Managed Risk enables you to define and contextualize your attack surface coverage across your networks, endpoints, and cloud environments; provides you with the risk priorities in your environment; and advises you on your remediation actions to ensure that you benchmark against configuration best practices and continually harden your security posture.
Arctic Wolf is dedicated to ending cyber risk with 24×7, eyes-on-glass security delivered from our Concierge Security® Team. Leveraging the Arctic Wolf® Platform, which is enriched with emerging third-party threat and vulnerability intelligence, the Concierge Security Team helps organizations reduce cyber risk with comprehensive monitoring of the latest vulnerabilities, and provides expert insight and remediation steps when needed. We work with you on an ongoing basis to ensure your security operations are internally operationalized and more efficient, and that your security posture and cyber hygiene continually improve over time.
Learn more at arcticwolf.com.
