BUT Apple has an enviable position when it comes to technology. But their products are not untouchable. So much so that Apple devices are becoming more vulnerable to security threats.
The discovery of two new zero-day vulnerabilities suggests that an enterprise provider may be more vulnerable to attackers than previously thought.
Security flaws in Apple products
Last week, on August 17, Apple announced the discovery of two zero-day vulnerabilities for iOS 15.6.1 and iPadOS 15.6.1. The former will allow the application to execute arbitrary code with kernel privileges, the latter means that processing malicious web content may result in arbitrary code execution.
With the use of macOS devices in the corporate environment growing steadily and reaching 23% last year, Apple products are becoming an increasingly attractive business target.
So, as enterprise usage of Apple devices increases due to the accelerated transition to remote work due to the pandemic, attackers will spend more time targeting company devices to gain initial access to environments, and companies need to be prepared.
These newly discovered vulnerabilities, which Apple says are “actively exploited,” allow an attacker to remotely deploy malicious code, allowing an attacker to break into a corporate network.
The problem is that security services cannot update employee devices in the same way that they can update local resources, and as the line between work and personal devices becomes increasingly blurred, it becomes increasingly difficult to ensure that each infrastructure is properly maintained.
With the lines between work and personal devices becoming increasingly blurred in an era of hybrid work where 39% of employees use personal devices to access corporate data, any employee using an Apple device to access key resources could be putting legally regulated data at risk. . .
As a result, even organizations that do not use Apple devices locally cannot guarantee that they are protected from these vulnerabilities. In response to Apple’s new vulnerabilities, CSOs and security leaders need to ensure that all local and remote personal devices are patched. Failure to do so may leave the entry point open to an attacker.
The most effective way to mitigate the risk of these new vulnerabilities is not just to use mobile device management solutions that help push updates remotely to connected devices, but to pay more attention to educating employees about the risks of not patching personal devices.