In the last couple of days, it has come to light that Apple products including macOS, iOS, iPadOS, and watchOS have been hit with 4 different zero-day drive by attacks. This puts users at significant risk, and it’s recommended that they update immediate with the patches that Apple has made available.
Nature of the Attacks
These exploits are exceptionally nasty because they are a drive by attacks. That means that just visiting a website is enough to trigger the bug. You don’t have to click on anything or download any thing suspicious to be at risk. Users simply must be lured to an infected website to get breached themselves.
Once that website is visited it allows the bad guys to do remote code execution. Essentially, they have access to your machine and can run any number of attacks on that device remotely.
Zero-day attack means that a patch has not been released for this vulnerability when it started infecting people. Essentially you had zero days to patch in advance.
All those things together make these vulnerabilities worse than most and put iOS users in a vulnerable state. Get to work patching those devices.
How to get the updates
If you don’t have your devices set to auto update, it might be a good idea to turn that on. This bug is significant enough that you probably want to manually update your devices to make sure that you’re protected. Here’s how you do that.
On iDevices, go to Settings > General > Software Update.
On a Mac, it’s Apple menu > System Preferences > Software Update.
If you’ve already caught the latest updates, it should give you a notification that you’re all good. Otherwise, it will offer you an immediate update and you should do that right away.
Apples’ Patch Schedule
For some reason Apple is pretty much the only one of major manufactures that doesn’t patch on a regular schedule. They also communicate very little on what vulnerabilities they have and will address. There seems to be a cone of silence around security.
Apple’s website comments, “For the protection of our customers, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available.”
While they may not want to tip their hand to the bad guys about any potential vulnerabilities they have found, security concerned users of their products would appreciate more transparency.
We recommend you patch all your Apple devices immediately. Stay safe out there.