Why Apple products are more vulnerable than ever to security threats

Couldn’t attend Transform 2022? Discover all the summit sessions now in our on-demand library! Look here.

As the largest tech company in the world, reaching a market value of $2.6 trillion, you’d be forgiven for thinking Apple’s position was unassailable. However, the discovery of two new zero-day vulnerabilities suggests the vendor may be more vulnerable to threat actors than previously thought.

Last week, on August 17, Apple announced that it had discovered two zero-day vulnerabilities for iOS 15.6.1 and iPadOS 15.6.1. The former would allow an application to execute arbitrary code with kernel privileges, the latter would mean that processing maliciously crafted web content may lead to the execution of arbitrary code.

With the adoption of macOS devices in enterprise environments steadily increasing and reaching 23% last year, Apple products are becoming a bigger target for businesses.

Traditionally, the wider adoption of Windows devices has made them the number one target for attackers, but as enterprise use of Apple devices increases due to the pandemic-accelerated remote work movement, security players the threat will spend more time targeting Apple devices to gain initial access to environments, and organizations need to be prepared.


MetaBeat 2022

MetaBeat will bring together thought leaders to advise on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, California.

register here

So how bad is it really?

These newly discovered vulnerabilities, which Apple says are “actively exploited”, allow an attacker to remotely deploy malicious code, which would allow an attacker to break into a corporate network.

“A compromised personal device could result in initial access to the corporate environment. Defenders should release patches immediately and send notifications that employees should patch personal iPhones, iPads, or Macs,” said Rick Holland, CISO at Digital Shadows, provider of digital risk protection.

The problem is that security teams can’t update employee devices the way they would with on-premises resources, and with the line between work and personal devices becoming increasingly blurred, it becomes more difficult to ensure that all infrastructure is properly maintained.

“While you can patch corporate devices, you can’t update all personal devices employees might be using,” Holland said.

Considering that the lines between work and personal devices have become increasingly blurred in this era of hybrid working, with 39% of workers using personal devices to access corporate data, any employee using Apple devices to access key resources could put regulated data at risk. .

Therefore, even organizations that do not use Apple devices on-premises cannot guarantee that they are protected against these vulnerabilities.

The answer: apply patches

In response to Apple’s new vulnerabilities, CISOs and security managers should verify that all onsite and remote personal devices have the necessary patches. Failure to do so could leave an entry point open for an attacker.

The most effective way to address the risk of these new vulnerabilities is not just to use mobile device management solutions to help push updates to connected devices remotely, but to focus more on educating employees about the risks of not patching personal devices.

“These updates provide a security awareness opportunity to discuss risks to employee life and provide remediation instructions, including how to enable automatic updates,” Holland said.

VentureBeat’s mission is to be a digital public square for technical decision makers to learn about transformative enterprise technology and conduct transactions. Learn more about membership.

#Apple #products #vulnerable #security #threats

Leave a Comment