Apple devices were vulnerable to a zero-day exploit dubbed ForcedEntry by Citizen Lab.
This included iPhones, iPads, Apple Watches and, of course, the company-issued Mac laptops our team uses. Thankfully, a patch was announced alongside the news of the zero-day exploit: all that was required was a software update. That is simple for an individual or family to do, but it quickly becomes more complicated when the update has to be rolled out across a company.
Citizen Lab discovered the exploit as early as March 2021 while examining a phone that had been hacked with NSO Group's Pegasus spyware, but its seriousness was only identified on September 7, when the team re-examined the vulnerability. The exploit is unusual because it did not require any clicks from the end user: it targeted a flaw in Apple's iMessage, specifically in Apple's image rendering library, and is effective against iOS, macOS and watchOS devices. This gives the hacker access to the device, where they can turn on the user's camera and microphone and record messages, texts, emails and calls.
One of the biggest security issues organizations face is keeping up with patches to their networks and computer operating systems. Legacy systems have often been customized, which makes rolling out patches difficult. (It's why some companies are still on Windows XP.)
At Paubox we require all employees to use Apple computers, and we use a mobile device management (MDM) system called Kandji to ensure all devices have uniform configurations that meet our HITRUST requirements. Security is essential to what we do and how we operate, and we don't see that changing. Normally we would have rolled out the patched macOS 11.6 via Kandji, but given the speed of the release and the urgency, we had to require employees to install the new OS manually.
We immediately sent an email and a Slack message to the company notifying everyone of the vulnerability and how to update their Macs. Though a few bugs slowed parts of the rollout, everyone who was able to update their device had completed it within 24 hours of the initial notice.
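After a manual rollout like this one, the check a team wants is a quick way to confirm that a given Mac is actually on the patched release. The script below is an added example, not code from the Paubox post or from its Kandji configuration. The minimum version 11.6 is the one named in the post; the helper names (`version_ge`, `patch_status`) and the use of macOS's `sw_vers -productVersion` to read the installed version are this example's own assumptions. The comparison is done field by field as numbers, so a release such as 11.10 correctly ranks above 11.6 where a plain string comparison would not.

```shell
#!/bin/sh
# Added example (not from the Paubox post): report whether a Mac's installed
# macOS version is at or above the minimum patched release.
# MIN_PATCHED comes from the post; the function names are this example's own.

MIN_PATCHED="11.6"

# version_ge A B -> exit status 0 if dotted version A >= B, else 1.
# Splits both versions on "." and compares each field numerically, treating
# missing trailing fields as 0 (so "11.6" and "11.6.0" are equal).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, av, "."); nb = split(b, bv, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? av[i] + 0 : 0
            y = (i <= nb) ? bv[i] + 0 : 0
            if (x > y) exit 0
            if (x < y) exit 1
        }
        exit 0
    }'
}

# patch_status VERSION -> prints a one-line verdict; exit 0 if compliant,
# 1 if the device still needs the update.
patch_status() {
    if version_ge "$1" "$MIN_PATCHED"; then
        printf 'macOS %s: compliant (>= %s)\n' "$1" "$MIN_PATCHED"
        return 0
    fi
    printf 'macOS %s: needs update to %s or later\n' "$1" "$MIN_PATCHED"
    return 1
}

# With an explicit version argument the check can be exercised anywhere;
# without one it reads the installed version via sw_vers, which only exists
# on macOS, and does nothing elsewhere.
case "${1:-}" in
    "") command -v sw_vers >/dev/null 2>&1 && patch_status "$(sw_vers -productVersion)" ;;
    *)  patch_status "$1" ;;
esac
```

Run it with no arguments on the Mac being checked, or pass a version string (for example one collected from an MDM inventory export) to evaluate it offline; the exit status makes it usable from a loop over many devices.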
As mentioned, new releases always come with bugs, and given the speed at which Apple had to push the new OS, it's not surprising that we ran into a few errors. The most common were the generic "Download failed" and "Check your internet connection." Here are a few solutions we found effective in getting past the errors:
Other fixes our team discovered were restarting routers and simply restarting laptops. Sometimes it just took persistence, retrying the update several times throughout the day.
Zero-day exploits don't happen as often to Apple software as to Windows, but they do occur. Like any vulnerability, mitigating the risk quickly is the top priority. It's important to monitor cybersecurity news so you can respond quickly to reports of exploits and hacks that could affect the security of your company and your customers' data.