Apple issues emergency security update for Macs, iPhones, iPads, and watches.
Please see the announcement below from ANL Cyber Security. The short story is make sure your iPhones, iPads, Macs, and other Apple devices are running the latest version ASAP. There are two exploits in the wild that can give an attacker control over your Apple device with no interaction on your part. One is via malformed PDFs, and another is through Safari (Apple’s built-in web browser).
iOS users (iPhone, iPad, Apple Watch), apply all pending updates ASAP.
macOS users, please visit Software Update in your System Preferences and ensure you’re up to date. If your Mac is managed by CELS Systems, you can follow the instructions below, and we are also working on an update button for the Self Service app, but I wanted to get this announcement out quickly rather than waiting for that to be ready.
Big Sur users: The latest patches will fix both PDF and WebKit exploits. You should be running macOS 11.6 to be secure.
Catalina users: When you open Software Update you will see an offer to upgrade to Big Sur. You can do that if you want; however, if you want to stay on Catalina, click “More info” and choose both the macOS Catalina Security Update (fixes PDF exploit) and Safari 14.1.2 (fixes WebKit exploit). You should be running macOS 10.15.7 plus Security Update 2021-005 and Safari 14.1.2 to be secure.
Mojave users: There is currently no path to getting Mojave secure. You can apply the Safari 14.1.2 update (fixes WebKit exploit), but there is no patch yet for the PDF exploit. Should one become available, it will be in your Software Updates. At the moment, we consider Mojave to be out of date and strongly recommend upgrading to Catalina or Big Sur. To upgrade from Mojave to Catalina, please see support.apple.com/en-us/HT211683. To upgrade to Big Sur, use Software Update in System Preferences.
Applying the OS update will require you to reboot, and it will take about 20 minutes (typically) to apply.
If you have issues applying the update, please reach out to [email protected] and we’ll work with you to get it working.
Subject: Apple issues emergency security update
Apple released new versions of its iOS and iPadOS, macOS, and watchOS operating systems on September 13th to address a critical security flaw (dubbed “FORCEDENTRY” aka CVE-2021-30860). The flaw allows an attacker to compromise an Apple device without any interaction from the device owner by sending a malicious message to iMessage. The device owner is unlikely to know they have been hacked.
Owners of Apple iPhones, iPads, Macs, and watches should take these actions:
* Ensure automatic updates are enabled
* Immediately update devices to the latest version
With automatic updates, your device will update with the security patch Apple has released. You can also run updates manually at any time to ensure you have the latest security patches installed. Whether you are running Windows, Mac, Linux, or Android, turning on automatic updates is the best way to ensure you always have the latest security patches.
If you have questions, please reach out to your Cyber Security Program Representative or the Cyber Security Program Office.