IT Alert: Apple Virus & Zero-Day Spyware
IT Alert: Patch Now!
Apple announced a security hole flaw (aka virus, spyware or malware) in it’s WebKit component that’s described as “Processing maliciously crafted web content may lead to arbitrary code execution.” The WebKit is a low-level operating system component that is responsible for processing data fetched from remote web servers for Safari and many other web-based windows programmed into hundreds of apps. The spyware is likely already wreaking havoc on unknowing users.
What is Zero-Day?
Zero-day is the term often used to describe cyber attacks and security vulnerabilities that have only just been revealed but are likely putting users or networks at risk. These types of vulnerabilities are often critical and developers have to resolve the issue immediately, based on it’s potential threat. So, they have zero days to develop a patch to protect against the attack. While Apple viruses have historically been less common, the increased frequency of these types of events makes clear the importance of patches and updates.
What Does This Mean for Average User?
While Apple is somewhat elusive on their technology, hacks, and viruses, the patch and associated updates give every indication that the hole is likely already being used by bad actors and hackers so the immediate vulnerability is real. The way that this type of issue usually manifests itself could be through booby-trapped websites that look 100% legit, but have malware that can harm your device and data. This type of web-based RCE (remote code execution) will not necessarily provoke popups or warnings – thus making the threat even more harmful. Just opening the website could be enough to infect your device. Since many apps and browsers must utilize WebKit, users of non-Apple browers like Firefox, Chrome or Edge are also susceptible.
What To Do
Check for an update on any Apple devices now! There are some products, operating on iOS15 or iOS12 that may not yet have an update or patch available, so be sure to set your device for automatic daily updates to ensure that you receive the patch as soon as it’s available.
With so many employees accessing websites, networks, and cloud services from mobile devices and laptops, it’s more critical than ever to have proper endpoint security measures in place to protect your business’ data. Contact Conscious Networks for a free assessment or to learn more about the ways that our Endpoint Security services can protect you and your team.
Additional Information on this alert can be found at Sophos.