TL:DR - Update your IOS devices and limit the amount of sensitive data that you store and transmit on your Apple devices at this time.
On Monday, September 13, 2021, Apple issued an emergency software security update after security researchers detected a flaw that allowed highly invasive spyware from Israel’s NSO Group to hack into any apple device.
This highly invasive spyware, called Pegasus, has been known to be around since at least March. It allows IOS devices to be infected without the victim’s knowledge, this is also known as “zero click remote exploit.” This hack allows access to view all the users’ devices including their content, a live feed of the camera, and access to all encrypted app data, such as Signal and Whatsapp. This is the most prolific hack to affect IOS devices in the recent years. This hack was originally intended for use against enemies of the state of Israel and its allies. However, the source code was leaked to the dark web allowing hacking organizations to take advantage of this powerful exploit. Which allows not only IOS devices to be controlled, but also Android devices as well. There is little you can do to protect against this exploit.
How to Stay Protected
Apple has released an emergency security fix, this fix attempts to resolve the Pegasus exploit. However, due to how new this patch is, it is unconfirmed how successful it is at mitigating the Pegasus attacks. As we have seen with the Microsoft Print Nightmare security updates and fixes, many fixes being applied by vendors are not sufficient in protecting from exploitation. Apple has a great track record with pushing reliable and tested security updates, however with the scope of the Pegasus vulnerability it remains to be seen how affective this patch is. In short, update your devices ASAP and try to limit the amount of sensitive data stored and transmitted through your phone. We recommend high-level executives to remove as much company data off their devices as they can to ensure their business stays secure.
Check to see if your business email is in a data breach below.
There are a few great ways to limit the damage of a compromise to you and your team.
- Use unique passwords and store them in a secure password manager like Lastpass.
- Setup automated alerts for your email domain about compromised data.
- Train your staff about how to securely work on the internet.
If you have any questions or need any help feel free to reach out here.
Powered by IT Rockstars |
Data source with thanks to Haveibeenpwned
