Apple fixes their eighth exploited zero-day this year

Apple has released another security update to patch their eighth actively exploited zero-day vulnerability this year. This exploit has specifically affected a large range of iPhone and Macintosh devices. Although Apple has indicated this vulnerability may have been exploited by third parties, they have yet to release any further information regarding these attacks.

Impacted devices and models

  • iPhone 6s and later models
  • All iPad Pro models
  • iPad Air 2 and later
  • iPad 5th generation and later
  • iPad mini 4 and later
  • iPod touch 7th generation
  • Mac devices running MacOS Big Sur 11.7 and Monterey 12.6

Background: What is a zero-day?

“Zero-day” falls under the category of a vulnerability. In Cyber Security terms, a vulnerability “is a weakness in an IT system that can be exploited by an attacker to deliver a successful attack. They can occur through flaws, features, or user error, and attackers will look to exploit any of them to achieve their end goal”. Zero-day is a vulnerability that a hacker or third party can use to gain access to your device and system. These vulnerabilities are at the time unknown to the manufacturer or user; hence they have “zero days” to fix the issue. Zero-day exploits are generally not resolved until it has been exploited by a third party as the developer is unaware of the issue.

Zero-Day Statistics

  • 80% of data breaches in 2019 were the result of zero-day attacks
  • It is estimated that zero-day attacks are responsible for 42% of all cyber-attacks in 2021
  • Microsoft and Apple were the targets for a combined 35% of all zero-day attacks in 2021
  • In Q4 2021, zero-day malware accounted for 66% of all threats

The importance of updates

Patches and security updates are released to optimize, secure, and upgrade the existing software on your device and to mitigate security vulnerabilities that may be present. So far for 2022, there have been 18 zero-day vulnerabilities detected and exploited by third parties. Unfortunately for us as device users, generally the only countermeasure we have for a zero-day is to perform the software and security updates as soon as possible to mitigate our risk of falling victim to an attack. This enforces the importance of updating and patching any devices whether they are an Apple, Android, or Windows as a zero-day vulnerability may be present without you knowing. 

How to update your Macintosh device

Update your Mac:

  1. Go to the Apple menu
  2. Click About This Mac
  3. Select the Software Update option
  4. Check for available macOS updates – The System Preferences will appear and search for new macOS updates. If it finds any, click Update Now to download and install that update. If the update is already downloaded, click Restart Now to install it instead

Full Detailed instructions

Update your iPhone, iPad, or iPod:

  1. Back up your device using iCloud or your computer.
  2. Plug your device into power and connect to the internet with Wi-Fi.
  3. Go to Settings > General, then tap Software Update.
  4. Choose the software update that you want to install.
  5. Tap Install Now. If you see Download and Install instead, tap it to download the update, enter your passcode, then tap Install Now.

Full Detailed Instructions 

As always, we are reliant on people being vigilant and reporting suspicious activity on their systems to servicedesk@une.edu.au, +61 (2) 67735000.
If you haven’t already, we would encourage you to visit the UNE Cyber Security webpage and undertake the UNE Cyber Security Awareness training.

Thanks for your support in helping us maintain the cyber security integrity of UNE.

Sources:

Security Affairs

Cyber Security Statistics

Understanding vulnerabilities