August 24, 2022

    Gain Control Over Apple iOS Zero-Day with Axonius

    Apple recently published an update about two cybersecurity vulnerabilities known to have been exploited by cyberattackers. This brings the published count to six patched zero-day vulnerabilities so far in 2022. 

    This time there are two critical common vulnerabilities and exposures (CVEs) affecting many iOS and macOS models. 

    • CVE-2022-32893: Out-of-bounds issue in WebKit that could allow arbitrary code execution.
    • CVE-2022-32894: A kernel out-of-bounds issue that could allow malicious applications to execute arbitrary code using root permissions.

    According to Apple, an attacker who exploits the vulnerability may gain kernel-level access to a vulnerable device, which means the attacker could gain full access to the device. Affected devices include:

    • Mac devices 
    • iPhone 6s models and later
    • iPad Air 2 and later
    • iPad 5th generation
    • iPad mini 4 and later
    • All iPad Pro models

    Both vulnerabilities were discovered by an anonymous researcher. 

    Remediation

    Installing the updates iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1 fixes these vulnerabilities. While updating or deploying a patch may seem straightforward, it is often not quite that simple. Many organizations have difficulty tracking all of their IT assets, and more importantly, their operating systems across their fleet. This is due to several factors, but most importantly, the ever-changing nature of asset inventories and their current security state. 

    Many companies still rely on outdated or incomplete methods of tracking assets, including Excel spreadsheets, agent-based tools which cannot account for devices without an installed agent, or network scans that may not accurately identify every device on the network. And this is where they get into trouble with finding the devices that are in need of critical updates.

    Tracking Apple Devices and OS Versions with Axonius

    Cybersecurity asset management solutions give enterprises greater insight into their full asset inventory, plus their vulnerability risk, linking vulnerabilities with other factors such as public exposure, associated users, domains, and more.

    With a solution like Axonius, locating exposed Apple devices is easy. It starts with a simple query.

    Where the logo is seen in the query above, it is showing that Axonius is searching metadata from all deployed adapters. What this means is that Axonius is ingesting data from all the connected tools in the customer environment that have visibility into the asset environment(s). Once collected, the Axonius Correlation Engine aggregates, normalizes, deduplicates, and correlates the data, providing a comprehensive and reliable list of affected assets.

    The same query method can also be used to target other asset types, like the Safari browser, which is known to be vulnerable to the WebKit vulnerability if it is not updated. In addition, it is recommended to identify the devices used by administrators first.

    For the short term, one can also look for all iOS and macOS devices that are not updated to the latest version (currently iOS 15.6.1 or macOS 12.5.1), which is known to fix the problem. Prioritizing unmanaged devices with public IP addresses is also worthwhile.
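The same triage can be run against any inventory export. The script below is an added example, not an Axonius query or product code: it flags Apple devices below the fixed versions named in this post and ranks unmanaged devices with public IP addresses first, then administrator devices. The CSV column names and sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress

# Fixed versions named in the post.
FIXED = {"ios": (15, 6, 1), "ipados": (15, 6, 1), "macos": (12, 5, 1)}

# Constructed sample inventory export; column names are assumptions.
SAMPLE_CSV = """hostname,os,os_version,managed,ip,admin_user
mbp-finance-01,macOS,12.5.1,yes,10.0.4.21,no
mbp-it-admin,macOS,12.4,yes,10.0.4.7,yes
iphone-sales-17,iOS,15.6,no,8.8.4.4,no
ipad-kiosk-03,iPadOS,15.6.1,yes,192.168.1.50,no
iphone-exec-02,iOS,15.5,yes,10.0.9.3,no
win-build-01,Windows,10.0.19044,yes,10.0.2.2,no
"""

def parse_version(text):
    """Turn '15.6' into (15, 6, 0) so tuples compare numerically."""
    parts = [int(p) for p in text.split()[0].split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_public(ip_text):
    """True for globally routable addresses; False for private or invalid."""
    try:
        return ipaddress.ip_address(ip_text.strip()).is_global
    except ValueError:
        return False

def needs_update(csv_text):
    """Return unpatched Apple devices, highest priority first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        fixed = FIXED.get(row["os"].strip().lower())
        if fixed is None or parse_version(row["os_version"]) >= fixed:
            continue  # not an Apple OS in scope, or already on a fixed build
        # Priority follows the post: unmanaged + public IP, then admin devices.
        score = 0
        if row["managed"].strip().lower() != "yes" and is_public(row["ip"]):
            score += 2
        if row["admin_user"].strip().lower() == "yes":
            score += 1
        findings.append((score, row["hostname"], row["os"], row["os_version"]))
    return sorted(findings, key=lambda f: (-f[0], f[1]))

if __name__ == "__main__":
    for score, host, os_name, version in needs_update(SAMPLE_CSV):
        print(f"priority={score} {host} {os_name} {version}")
```

Versions are compared as numeric tuples rather than strings, so a device reporting "15.6" is correctly treated as older than 15.6.1.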

    Visualizing with Dashboards

    Easy-to-use charts can be created to illustrate the findings and facilitate the patching progress. This makes visualizing security issues and remediation efforts clear and allows security teams to clearly explain improvements.

    Setting Alerts with Enforcement Center

    Security, IT, and operations teams may automatically act on identified issues, such as those shown above. Administrators can notify asset owners to update their operating systems immediately through the Enforcement Center, or open a support ticket to have IT and security take action on their behalf.

    Assets can even be automatically added to a configuration management database (CMDB) group so they can be updated together later.

    Next Steps

    Security and IT professionals cannot afford delays in locating asset data in their IT environments, especially when we’re talking about critical vulnerabilities that could impact the security posture of the user and the user’s organization. Using cybersecurity asset management solutions to improve vulnerability management has numerous advantages, including:

    1. Reduce mean time to detection: Identify and prioritize vulnerable devices, both managed and unmanaged, based on data that is correlated from multiple sources.
    2. Facilitate rapid incident response: Generate continuous, accurate, and up-to-date information that helps mitigate threats and navigate risks.
    3. Improve organizational efficiency: With one tool to manage the entire digital asset environment, IT, security, and operations teams save time and effort and improve accuracy, thereby reducing risk and business disruption. 
