At designDATA, we strive to inform our customers of significant cybersecurity developments. We want you to know both how we are protecting the systems under our care and how your staff can protect themselves on their personal devices.
Apple has just released two Zero-Day patches for its Mac, iPhone, and iPad devices. A Zero-Day patch addresses a vulnerability that is being actively exploited by cyber-criminals (that is, you have “zero days” left to patch). Zero-Day patches and vulnerabilities are extremely impactful and time-sensitive, usually requiring immediate action.
These two vulnerabilities can be used in tandem. The first vulnerability (CVE-2022-32893) is a Remote Code Execution hole in Apple’s HTML rendering software, called WebKit. When exploited, this vulnerability allows a bad actor to install spyware on any Mac computer that views a prepared, booby-trapped Web page. The second vulnerability (CVE-2022-32894) is a kernel code execution hole that could allow the spyware installed through the first vulnerability to gain full admin access to the Apple device. Together, these two vulnerabilities could allow a bad actor to gain complete control of your Apple device if you view such a booby-trapped Web site. This control could allow them to access all data on the device, upload the data, take screenshots, record video from the camera, and perform other actions.
For Mac computers under designDATA’s management, no action is required on your part or on your staff’s part. designDATA is already actively deploying these patches to your affected computers. For iPhones, iPads, and personal Mac computers not managed by designDATA, we strongly encourage your staff to update these devices as quickly as possible. They can do this using Apple’s built-in update utilities:
- On an iPhone or iPad, go to Settings -> General -> Software Update
- On a Mac, go to Apple Menu -> About this Mac -> Software Update…
Note that these updates are available for iPhones and iPads running OS 15. If you have devices running earlier operating systems, they should be updated to OS 15. If your device is not capable of running OS 15, it will be ineligible for this patch and will remain a security vulnerability, and you should consider replacing it.
Also note that these updates are available for macOS Monterey 12. There is not yet a patch available for the two prior versions (Big Sur and Catalina), although one is expected from Apple. Devices not running these operating systems should be upgraded or replaced.
Apple’s full security bulletin can be found here: https://support.apple.com/en-us/HT201222. If you have any questions about this notice or about designDATA’s updates to your systems, please contact your Program Manager or Technical Account Manager. Thank you.
Matt Ruck is the President and CEO of designDATA. While he has spent nearly 25 years with this organization, Matt’s objective has never changed: he is committed to enhancing designDATA’s managed technology and cybersecurity services. In particular, some of the areas that Matt contributes to are data center initiatives, cloud computing, converged networking, VoIP telephony, contingency planning, and telecommunications. Matt supplements his extensive experience in the industry with rewarding certifications, like Microsoft’s MCSE and VMware’s VCPR.