
Published on September 20th, 2021

Cybersecurity insight into Apple’s latest vulnerability



Independent researchers say a critical vulnerability relating to Apple’s operating system has been exploited by notorious surveillance software to spy on a Saudi activist. This came to light, the New York Times reports, when researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that the activist’s iPhone had been infected with an advanced form of spyware.

Apple has issued an update; however, all iPhones running software earlier than the 14.8 update were (and in many cases are) at risk of being hacked. Ivan Krstić, head of Apple Security Engineering and Architecture, said: “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.” However, he further added that the vulnerability is “not a threat to the overwhelming majority of our users” (as quoted by ABC News).

The vulnerability is abused by means of an exploit, which is a piece of software or a series of commands that takes advantage of a bug or vulnerability.

Nick Tausek, Security Solutions Architect at Swimlane, provides an assessment of coverage of Apple’s critical vulnerability.

Tausek looks at the background of the vulnerability, finding: “This zero-day, zero-click vulnerability is significant because it requires no user interaction and impacts all versions of Apple’s iOS, OSX, and watchOS.”

He notes that the initial focus was on the everyday user; now this focus is moving up to the enterprise level: “While the first inclination is to focus the impact to consumers, the much larger danger lies within companies whose employees are using their personal Apple devices for work.”





There is a reason for this increased business focus, and the change in the way work is organized is central to it, as Tausek discovers: “Amid the pandemic, the adoption of bring your own device (BYOD) policies has exploded across industries. Even organizations that previously shied away from this type of program have been pushed to adopt it to better accommodate remote work.”

When such situations occur, what can be done to minimize the impact? Tausek advises: “To prevent vulnerabilities such as this one from compromising employees and the organization’s sensitive data, companies should look to centralize and automate their current security threat detection, response and investigation protocols into a single platform.”

Tausek also recommends: “Automated detection and response workflows can help enterprises stop the otherwise hidden cross-pollination between personal device communications and access to sensitive corporate resources and information.”

Hence, Tausek concludes: “By embracing comprehensive security automation, security teams can also free up time to keep up with the evolution of threat tactics, ultimately enhancing security preparedness.”
