Why Apple products are more vulnerable than ever to security threats


As the world’s largest technology company, with a market value of $2.6 trillion, you’d be forgiven for thinking that Apple’s position was unassailable. However, the discovery of two new zero-day vulnerabilities suggests that the vendor could be more vulnerable to threat actors than previously thought.

Last week, on August 17, Apple announced that it had discovered two zero-day vulnerabilities for iOS 15.6.1 and iPadOS 15.6.1. The former would allow an application to execute arbitrary code with kernel privileges; the latter would mean that the processing of maliciously crafted web content can lead to the execution of arbitrary code.

With the adoption of macOS devices in enterprise environments steadily increasing and reaching 23% last year, Apple products in businesses are becoming a growing target.

Traditionally, the broader adoption of Windows devices has made them the number one target for attackers, but as enterprise use of Apple devices increases due to the pandemic-accelerated remote work movement, threat actors will spend more time targeting Apple devices to gain initial access to environments, and businesses need to be prepared.


So how bad is it really?

These newly discovered vulnerabilities, which Apple reports are being “actively exploited,” let an attacker remotely deploy malicious code and thereby gain access to a company network.

“A compromised personal device could result in initial access to the corporate environment. Defenders should implement patches immediately and send out notifications that employees need to patch any iPhone, iPad, or personal Mac,” said Rick Holland, CISO at digital risk protection provider Digital Shadows.

The problem is that security teams can’t update employee devices the same way they would on-site resources, and with the line increasingly blurring between personal and work devices, it becomes more difficult to ensure that all infrastructure is properly maintained.

“Even if you can patch corporate devices, you can’t update every personal device that employees might use,” Holland said.

Considering that the lines between work and personal devices have become increasingly blurred in this era of hybrid work, with 39% of workers using personal devices to access corporate data, any employee using Apple devices to access key resources could be putting regulated data at risk.

As a result, even organizations that do not use Apple devices on site cannot guarantee that they are protected against these vulnerabilities.

The answer: patch

In response to new Apple vulnerabilities, CISOs and security leaders should verify that all on-site and remote personal devices have the necessary patches. Otherwise, you could leave an open entry point for an attacker to exploit.

The most effective way to remediate the risk of these new vulnerabilities is not only by using mobile device management solutions to help push updates to connected devices remotely, but also by focusing more on educating employees about the risks of failing to patch personal devices.

“These updates present a security awareness opportunity to discuss risks to employee lives and provide patching instructions, including how to enable automatic updates,” Holland said.
