Summary
Apple released a security update for macOS, watchOS, iOS, iPadOS, and Safari. Apple is aware of a report of potential exploits in the wild.
Impact
A zero-day “zero click” exploit against iMessages that impacts:
- macOS Big Sur
- macOS Catalina
- watchOS
- iOS
- iPadOS
- Safari
The exploit has been in use since at least February 2021, requires no user interaction, and could lead to installation of the Pegasus spyware. The Pegasus spyware is not a significant threat for most users. NGO the company that developed the spyware says it is used to target criminals, terrorists, journalists, human rights activists, political dissidents, and business executives.
Vulnerable
- macOS Big Sur
- macOS Catalina
- watchOS
- iOS
- iPadOS
- Safari
Recommendations
-
Users and administrators should apply the latest software updates from Apple for the products indicated above.
Make sure all your devices are set to auto-update, so you don’t miss critical security fixes such as this on
For ITCS supported devices, we recommend not waiting when prompted. Apple Software Update is enabled by default and users should install them at first prompt whether that be through Apple Software Update or the EOS monthly patching going out at the end of this week.
References
- https://us-cert.cisa.gov/ncas/current-activity/2021/09/13/apple-releases-security-updates-address-cve-2021-30858-and-cve
- https://www.techrepublic.com/article/apple-releases-emergency-patch-to-protect-all-devices-against-pegasus-spyware/?ftag=TREa988f1c&bhid=24489981724174955027496017133823&mid=13511019&cid=71224338
- https://blog.malwarebytes.com/privacy-2/2021/09/apple-releases-emergency-update-patch-but-dont-panic/