Skip to content

Search Marco

    What You Need to Know About Recent Apple Updates for Vulnerability

    By: Jon Roberts
    August 22, 2022

    Have you updated the software on your Apple device lately? If not, look for any new software updates and install them…now.

    While your new software is downloading, I’ll explain what this update is for and why it’s important to install new software updates as soon as they’re available.

    If you’re running iOS 15.6.1, iPadOS 15.6, or macOS 12.5.115.6.1, well done! Your system is already up to date — at least, at the time I’m writing this blog. You’ve taken an important step towards addressing significant security vulnerabilities.

    WHAT APPLE SECURITY VULNERABILITIES WERE FIXED?

    The recent update is primarily designed to remediate two zero-day vulnerabilities (assigned IDs CVE-2022-32894 and CVE-2022-32893), which could allow hackers to remotely gain control of your device. As a security measure, Apple doesn’t release many details explaining how the vulnerability is exploited. It doesn’t want to give bad actors additional insight into its operating systems, or provide more information about how to identify and exploit vulnerabilities.

    This update also addressed CVE-2022-2856, which addressed vulnerabilities for MacOS users who also use Google Chrome as their browser. Like Apple, Google isn’t sharing more details until users have more time to update their systems.

    WHAT ARE ZERO-DAY VULNERABILITIES?

    A zero-day vulnerability is a weakness that has been discovered and disclosed to the public, but not yet patched. If a hacker uses a zero-day vulnerability to execute an attack, it’s called a zero-day exploit.

    WHY ARE THERE SO MANY UPDATES?

    It can be annoying to have to keep updating your devices often. But there are other reasons people hesitate to do so the minute a new software patch becomes available. Patches and updates can include bugs or negatively affect a device’s performance.

    However, while some updates may simply add features to your existing tools or help them work better, other updates address critical cybersecurity issues. The longer you wait to apply these, the more time you’re giving cybercriminals around the world to find your data and do their worst.

    HOW TO REDUCE DISRUPTIONS CAUSED BY UPDATES

    If you have a setting that allows your device to automatically download and install updates, and you can choose what time those updates are applied, you could save yourself a considerable amount of frustration and annoyance. It may be worth it to investigate those settings.

    It also might be helpful to remind yourself of why many of these updates are released. These patches are designed to protect you, your devices, and your information from very real threats, and they’ve been created by cybersecurity experts who have your best interests in mind.

    Believe it or not, you probably need their help more than you’d like to think. It’s human nature to overestimate the likelihood of good things happening to us, and underestimate the likelihood of bad things happening to us. However, according to former FBI agent Jonathan Trimble, it’s more reasonable to assume the opposite — that your sensitive information has already been compromised or is likely to be compromised in the future.

    HOW TO KEEP YOUR BUSINESS DATA SAFE

    Cybersecurity can seem daunting, but just like with physical security, a little prevention goes a long way. According to a recent report, 75% of cyberattacks took advantage of vulnerabilities that were at least two years old. Keeping your devices and tools updated is one important way to significantly reduce your cybersecurity risk.

    You also don’t have to combat the threat of cybercriminals alone. Organizations like the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS) outline cybersecurity best practices. If you’re wondering if your organization’s data and infrastructure is well protected, we’ve designed a helpful Cybersecurity Checklist that you can complete online or download as a PDF. Our experts are also available to help demystify cybersecurity and make it much easier for organizations large and small to protect themselves.

    Learn more about a Cybersecurity Assessment Get Started Today

    Topics: Security