Why Apple products are more vulnerable than ever to security threats


As the largest tech company in the world, reaching a market value of $2.6 trillion, you'd be forgiven for thinking that Apple's position is unassailable. However, the discovery of two new zero-day vulnerabilities suggests the vendor may be more vulnerable to threat actors than previously thought.

Last week, on August 17, Apple announced that it had discovered two zero-day vulnerabilities for iOS 15.6.1 and iPadOS 15.6.1. The former would allow an application to execute arbitrary code with kernel privileges; the latter would mean that processing maliciously crafted web content may lead to the execution of arbitrary code.

With the steady increase in adoption of macOS devices in enterprise environments, reaching 23% last year, Apple products are becoming a bigger target for businesses.

Traditionally, the wider adoption of Windows devices has made them the number one target for attackers, but as enterprise use of Apple devices increases due to the pandemic-accelerated remote work movement, threat actors will spend more time targeting Apple devices to gain initial access to environments, and businesses need to be prepared.


These recently discovered vulnerabilities, which Apple reports are "actively exploited", allow an attacker to remotely deploy malicious code and, from there, break into a corporate network.

“A compromised personal device could result in initial access to the corporate environment. Defenders should release patches immediately and send notifications that employees should patch personal iPhones, iPads, or Macs,” said Rick Holland, CISO at Digital Shadows, provider of digital risk protection.

The problem is that security teams can't update employee devices the way they would with on-premises resources, and with the line between work and personal devices becoming increasingly blurred, it's becoming more difficult to guarantee that all the infrastructure is properly maintained.

"While you can patch company devices, you can't update all personal devices that employees might be using," Holland said.

Considering that the lines between work and personal devices have become increasingly blurred in this era of hybrid working, with 39% of workers using personal devices to access corporate data, any employee using Apple devices to access key resources could be subject to data-at-risk regulations.

As a result, even organizations that do not use Apple devices on-premises cannot guarantee that they are protected against these vulnerabilities.

In response to Apple's new vulnerabilities, CISOs and security managers should verify that all onsite and remote personal devices have the necessary patches. Failure to do so could leave an entrance...
