Apple recently published an update about two cybersecurity vulnerabilities known to have been exploited by cyberattackers. This brings the published count to six patched zero-day vulnerabilities so far in 2022.
This time there are two critical common vulnerabilities and exposures (CVEs) affecting many iOS and macOS models.
Vulnerable devices may be accessed at the kernel level by an attacker who exploited the vulnerability, according to Apple. What this means is that the attacker could gain full access to the device. Affected devices include:
Both vulnerabilities were discovered by an anonymous researcher.
Installing the updates iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1 fixes these vulnerabilities. While updating or deploying a patch may seem straightforward, it is often not quite that simple. Many organizations have difficulty tracking all of their IT assets, and more importantly, their operating systems across their fleet. This is due to several factors, but most importantly, the ever-changing nature of asset inventories and their current security state.
Many companies still rely on outdated or incomplete methods of tracking assets, including Excel spreadsheets, agent-based tools which cannot account for devices without an installed agent, or network scans that may not accurately identify every device on the network. And this is where they get into trouble with finding the devices that are in need of critical updates.
Cybersecurity asset management solutions give enterprises greater insight into their full asset inventory, plus their vulnerability risk, linking vulnerabilities with other factors such as public exposure, associated users, domains, and more.
With a solution like Axonius, locating exposed Apple devices is easy. It starts with a simple query.
Where the logo is seen in the query above, it is showing that Axonius is searching metadata from all deployed adapters. What this means is that Axonius is ingesting data from all the connected tools in the customer environment that have visibility into the asset environment(s). Once collected, the Axonius Correlation Engine aggregates, normalizes, deduplicates, and correlates the data, providing a comprehensive and reliable list of affected assets.
The same query method can also be used to target other asset types, like the Safari browser, which is known to be vulnerable to the WebKit vulnerability if it is not updated. In addition, it is recommended to identify the devices used by administrators first.
For the short term, one can also look for all iOS and macOS devices that have not been updated to the latest version (currently iOS 15.6.1 or macOS 12.5.1), which is known to fix the problem. Prioritizing unmanaged devices with public IP addresses is also worthwhile.
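The short-term check described above, as an added example (this is not Axonius's query language or API; the inventory records and field names are constructed). It flags Apple devices below the fixed versions named in this article and orders the result with administrator devices first, then unmanaged devices on public IP addresses.

```python
import ipaddress

# First fixed releases named in the article.
FIXED = {"ios": (15, 6, 1), "ipados": (15, 6, 1), "macos": (12, 5, 1)}
# RFC 1918 ranges; anything outside them is treated as publicly addressed.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory. Field names are assumptions, not an Axonius schema.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for
# public IPs; "15.10" is a made-up version that exercises numeric comparison.
INVENTORY = [
    {"host": "mbp-finance-01", "os": "macOS", "version": "12.5", "ip": "10.2.0.14", "managed": True, "admin": False},
    {"host": "mbp-itadmin-02", "os": "macOS", "version": "12.4", "ip": "10.2.0.20", "managed": True, "admin": True},
    {"host": "iphone-byod-07", "os": "iOS", "version": "15.6", "ip": "203.0.113.7", "managed": False, "admin": False},
    {"host": "ipad-kiosk-03", "os": "iPadOS", "version": "15.6.1", "ip": "198.51.100.9", "managed": False, "admin": False},
    {"host": "iphone-sales-11", "os": "iOS", "version": "15.10", "ip": "10.2.1.5", "managed": True, "admin": False},
    {"host": "mac-lab-09", "os": "macOS", "version": "unknown", "ip": "192.168.4.2", "managed": False, "admin": False},
    {"host": "win-hr-04", "os": "Windows", "version": "10.0.19044", "ip": "10.2.0.31", "managed": True, "admin": False},
]

def parse_version(text):
    """'15.6' -> (15, 6, 0): compare numerically, so 15.10 > 15.6.1 and 15.6 < 15.6.1."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def needs_patch(asset):
    fixed = FIXED.get(asset["os"].lower())
    if fixed is None:
        return False  # platform not covered by these updates
    try:
        return parse_version(asset["version"]) < fixed
    except ValueError:
        return True   # unparseable version: keep it on the list for manual review

def is_public(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL)

def patch_queue(inventory):
    """Unpatched Apple devices: administrator devices first, then unmanaged + public IP."""
    def rank(a):
        exposed = (not a["managed"]) and is_public(a["ip"])
        return (not a["admin"], not exposed, a["host"])
    return sorted((a for a in inventory if needs_patch(a)), key=rank)

if __name__ == "__main__":
    for a in patch_queue(INVENTORY):
        print(f'{a["host"]:16} {a["os"]:7} {a["version"]:8} {a["ip"]}')
```

Devices whose version cannot be parsed stay in the queue on purpose, since an asset with no reliable version data is exactly the kind that incomplete inventories miss.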
Easy-to-use charts can be created to illustrate the findings and track patching progress. This makes security issues and remediation efforts easy to visualize and lets security teams clearly explain improvements.
Security, IT, and operations teams may automatically act on identified issues, such as those shown above. Administrators can notify asset owners to update their operating systems immediately through the Enforcement Center, or open a support ticket to have IT and security take action on their behalf.
Assets can even be automatically added to a configuration management database (CMDB) group so they can be updated together later.
Security and IT professionals cannot afford delays in locating asset data in their IT environments, especially when we’re talking about critical vulnerabilities that could impact the security posture of the user and the user’s organization. Using cybersecurity asset management solutions to improve vulnerability management has numerous advantages, including
“Culture is the foundation for any high-performing team. We all process information differently, we listen differently. We come from different backgrounds and experiences. No matter who you are, I want to know that. I want to understand what makes you you and treat you the way you want to be treated, not how I project myself onto you.”
— Jen Easterly, director, Cybersecurity and Infrastructure Security Agency (CISA)
“[Create an environment] where people can understand when they can take time off and not feel like everything is going to fall apart. [Where] they have a plan for their career and how they’re going to grow. [Where] they have time to be with their friends and family enough not to be burned out.”
— Deidre Diamond, founder and CEO of CyberSN and Security Diversity
“Actively invite engagement, listen with purpose, and look for signs of burnout. You can't expect everyone to feel equally comfortable expressing an opinion, and so it's important to solicit feedback at times as opposed to always passively expecting it. When you are getting engagement, listen with purpose. Make an effort to not only hear what's being said, but understand and empathize. Lastly, look for signs of burnout. … If you're noticing signs of burnout on the team, look for ways to intervene, like ensuring adequate team resourcing/load balancing to create a healthy work/life balance for everyone, and that team members are able to take PTO.”
— Daniel Trauner, senior director of security, Axonius
“We need an environment where failure is not only tolerated, but an understood aspect of innovation. Our attackers are failing forward every single day, [and] we deserve the ability to do the same if we are going to protect our people, data, and organizations.”
— Chris Cochran, co-founder at Hacker Valley Media and creative director at Axonius