Overnight Apple has released security patches to all its devices to tackle a zero-click vulnerability with the iMessage system. The vulnerability allows an attacker to send an iMessage to a user and gain control of the device without any interaction from the user. The exploit abuses how iMessage automatically renders images and PDFs to run arbitrary code and gain control of the device, all without the user realising it.
In an Apple Blog post on the issue, Apple acknowledges that the issue may be actively exploited. So if you have an Apple device, this is a patch you will want to install immediately. You can check your software version against the latest release versions from apple:
| Name and information link | Available for | Release date |
|---|---|---|
| Safari 14.1.2 | macOS Catalina and macOS Mojave | 13 Sep 2021 |
| Security Update 2021-005 Catalina | macOS Catalina | 13 Sep 2021 |
| macOS Big Sur 11.6 | macOS Big Sur | 13 Sep 2021 |
| watchOS 7.6.2 | Apple Watch Series 3 and later | 13 Sep 2021 |
| iOS 14.8 and iPadOS 14.8 | iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) | 13 Sep 2021 |
You can check for the updates manually and install them yourself.
If you own a device running iOS, go to Settings > General > Software Update. Once the check finishes, tap Download and Install for the latest patch.
For macOS users, click the apple logo in the top left, and select ‘System Preferences’. In the System Preferences window, select Software Update, and once the check completes, download and install the patch.
Although the exploit is a bit of an embarrassment for Apple, who pride themselves on the security of their devices, the expected unveiling of the new iPhones will help to gloss over the bad press from this incident.
You can watch the Apple event today (September 14th) at 18:00 on their YouTube channel.
If you need assistance checking or installing the latest updates for iOS or macOS, contact the Kriston Technology service desk on 01993 880 980.
Comments are closed