IT Security

Apple has released security updates for a zero-click vulnerability found in Apple devices including iPhone, iPad, Mac and Apple Watch. The flaw was discovered by an independent researcher, and as a result, anyone with an Apple device listed above are urged to update their devices immediately to protect themselves from the malware.

What is the vulnerability?

The vulnerability was discovered by Canadian internet security watchdog, Citizen Lab, who only discovered this particular flaw recently as part of its investigation into the zero-day (which refers to how little time it gives companies the chance to roll out a fix) vulnerability that was reportedly exploited by Israeli firm NSO group to spy on at least one Bahraini activist, back in August.

The original zero-day vulnerability took advantage of a flaw in Apple’s iMessage which allowed for a huge amount of control of the target device including personal data, photos, location and messages.

In its latest findings, Citizen Lab have said the zero-click vulnerability exploits a weak spot in how Apple devices render images on display.

For reference, a zero-click vulnerability simply refers to a security flaw in a system that allows a potential hacker to get into a device without the victim needing to click anything (which is normally how a hacker would infect a device).

Why is this important?

This is such a significant event because not only is it another example of Malware infecting devices without the victim physically initiating it themselves (which was a method deemed nearly impossible to do not too long ago), but the severity of this is increased tenfold as it affects nearly every single Apple device – even devices that may have been on the most recent version of their operating system.

It is also the first time a zero-click exploit has been caught and analysed successfully, and head of Apple security engineering and architecture commended Citizen Lab on "completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly".

Citizen Lab have said they had sent its finding to Apple on the 7th September, and since then the multi-national technology company has been working relentlessly to patch the security loophole and release an update for Apple users to download and install.

What should you do as a business?

If your company uses any Apple devices, you should ensure all devices are updated to the latest version of their operating system immediately.

For iPhones and iPads you should ensure your device is updated to iOS 14.8, and the equivalent latest updates for MacOS and Apple Watch.

Conclusion

This is another example that highlights the importance of ensuring you and your company are as security-conscious as possible.

At the very least you should ensure any devices and applications have the latest updates installed because otherwise they may be susceptible to similar exploits like this.

Long term, you should consider implementing further security enhancements to not only combat the increasing amount of cyber-attacks, but to also help prevent them from happening in the first place.

if you would like further advice from ourselves then don’t hesitate to contact us.