Apple recently published an update about two cybersecurity vulnerabilities known to have been exploited by cyberattackers. This brings the published count to six patched zero-day vulnerabilities so far in 2022.
Vulnerable devices may be accessed at the kernel level by an attacker who exploited the vulnerability, according to Apple. What this means is that the attacker could gain full access to the device. Affected devices include:
Both vulnerabilities were discovered by an anonymous researcher.
Installing the updates iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1 fixes these vulnerabilities. While updating or deploying a patch may seem straightforward, it is often not quite that simple. Many organizations have difficulty tracking all of their IT assets, and more importantly, their operating systems across their fleet. This is due to several factors, but most importantly, the ever-changing nature of asset inventories and their current security state.
Many companies still rely on outdated or incomplete methods of tracking assets, including Excel spreadsheets, agent-based tools which cannot account for devices without an installed agent, or network scans that may not accurately identify every device on the network. And this is where they get into trouble with finding the devices that are in need of critical updates.
Cybersecurity asset management solutions give enterprises greater insight into their full asset inventory, plus their vulnerability risk, linking vulnerabilities with other factors such as public exposure, associated users, domains, and more.
With a solution like Axonius, locating exposed Apple devices is easy. It starts with a simple query.
The logo in the query above indicates that Axonius is searching metadata from all deployed adapters. In other words, Axonius ingests data from all the connected tools in the customer environment that have visibility into the asset environment(s). Once collected, the Axonius Correlation Engine aggregates, normalizes, deduplicates, and correlates the data, providing a comprehensive and reliable list of affected assets.
The same query method can also be used to target other asset types, like the Safari browser, which is known to be vulnerable to the WebKit vulnerability if it is not updated. In addition, it is recommended to identify the devices used by administrators first.
For the short term, one can also look for all iOS and macOS devices that have not been updated to the latest version (currently iOS 15.6.1 or macOS Monterey 12.5.1), which is known to fix the problem. Prioritizing unmanaged devices with public IP addresses is also worthwhile.
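The version check and prioritization described above can be sketched outside any particular product. This is an added example, not Axonius query syntax or code from the original page; the inventory field names, the sample devices, and the ordering (administrator devices first, then unmanaged devices with a public IP) are assumptions.

```python
import ipaddress

# Fixed versions named in the article (short-term check: anything below is flagged).
FIXED = {"ios": (15, 6, 1), "ipados": (15, 6, 1), "macos": (12, 5, 1)}

def parse_version(text):
    """'12.5' -> (12, 5, 0), padded so that 12.5 sorts below 12.5.1."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def needs_update(device):
    fixed = FIXED.get(device["os"].lower())
    if fixed is None:
        return False  # OS not covered by these updates
    try:
        return parse_version(device["version"]) < fixed
    except ValueError:
        return True   # unparseable version: treat as unpatched until verified

def priority(device):
    """Sort key (assumed ordering): administrator devices first, then
    unmanaged devices with a public IP, then everything else by name."""
    public = any(ipaddress.ip_address(ip).is_global for ip in device["ips"])
    exposed = public and not device["managed"]
    return (not device["admin_user"], not exposed, device["name"])

def patch_queue(inventory):
    """Devices still needing the update, most urgent first."""
    return sorted((d for d in inventory if needs_update(d)), key=priority)

# Constructed sample inventory; field names are hypothetical.
INVENTORY = [
    {"name": "imac-lab", "os": "macOS", "version": "12.4",
     "managed": True, "admin_user": False, "ips": ["10.0.0.9"]},
    {"name": "ipad-kiosk", "os": "iPadOS", "version": "15.6.1",
     "managed": True, "admin_user": False, "ips": ["10.0.0.7"]},
    {"name": "iphone-byod", "os": "iOS", "version": "15.6",
     "managed": False, "admin_user": False, "ips": ["8.8.8.8"]},
    {"name": "mbp-admin", "os": "macOS", "version": "12.5",
     "managed": True, "admin_user": True, "ips": ["10.0.0.5"]},
    {"name": "win-laptop", "os": "Windows", "version": "10.0.19044",
     "managed": True, "admin_user": False, "ips": ["10.0.0.8"]},
]

if __name__ == "__main__":
    for d in patch_queue(INVENTORY):
        print(d["name"], d["os"], d["version"])
```

A device whose version string cannot be parsed is kept in the queue rather than silently dropped, since incomplete inventory data is the failure mode the article warns about.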
Easy-to-use charts can be created to illustrate the findings and facilitate the patching progress. This makes visualizing security issues and remediation efforts clear and allows security teams to clearly explain improvements.
Security, IT, and operations teams may automatically act on identified issues, such as those shown above. Administrators can notify asset owners to update their operating systems immediately through the Enforcement Center, or open a support ticket to have IT and security take action on their behalf.
Assets can even be automatically added to a configuration management database (CMDB) group so they can be updated together later.
Security and IT professionals cannot afford delays in locating asset data in their IT environments, especially when we’re talking about critical vulnerabilities that could impact the security posture of the user and the user’s organization. Using cybersecurity asset management solutions to improve vulnerability management has numerous advantages, including