Stop > Install Apple’s 15.6.1 Update > Discuss
Stop > Right now. Pick up your iPhone or your Mac and download the updates immediately.
Install > here’s how: https://www.cnet.com/news/you-need-to-download-apples-1561-updates-heres-how/
Discuss > Once completed, understand that you have just addressed a significant vulnerability in Apple’s operating system that “may have been actively exploited.” This vulnerability is so significant that U.S. government’s Cybersecurity and Infrastructure Security Agency has issued a warning that “an attacker could exploit one of these vulnerabilities to take control of an affected device.”
Apple further clarified that the vulnerabilities give hackers the ability to take control of a device’s operating system to “execute arbitrary code” and potentially infiltrate devices through “maliciously crafted web content.” Serious business indeed. This is an example of a “zero-day” vulnerability, a broad term that describes recently discovered security vulnerabilities that hackers can use to attack systems. The term “zero-day” refers to the fact that the vendor or developer has only just learned of the flaw – which means they have “zero days” to fix it. A zero-day attack takes place when hackers exploit the flaw before developers have a chance to address it.
What are the takeaways here?
- Initially, when it comes to updating/patching, we must all remain vigilant. Whether it’s your personal devices, requiring you to staying on top of updates, or your company’s network, requiring the basic blocking and tackling established by your Information Security Program, these tasks are mandatory
- Secondly, we can’t close our eyes based on exploit-fatigue. Yes, there are new attacks every day, and yes, we can’t open any media feed without reading about it. The natural reaction is to grow numb. But our privacy and our security are too important to let that happen.
- Finally, see the big picture. Our third-party vendors (in this case, Apple), are critical to our privacy and our security. Understanding and assessing our third-party vendors is as important as assessing our own networks.
Remember, an attack on one of us is an attack against all of us. Understand your vulnerabilities; stay vigilant.