Zero Click Exploit (Apple 0-Day)
Overview
Apple released several security updates yesterday for iOS, iPadOS, macOS, and watchOS that address a severe Day 0 exploit. This exploit involves a malicious iMessage being sent to the device. The message does NOT require a user to click the message for it to be exploited. Apple’s specific description and impact of the exploits are highlighted in their release notes, but we detailed some of the specific exploits below:
Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: An integer overflow was addressed with improved input validation.
CVE-2021-30860: The Citizen Lab
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use after free issue was addressed with improved memory management.
CVE-2021-30858: An anonymous researcher
What does this mean?
Any Apple device that supports receiving an iMessage is impacted. Apple released new software updates which contain the fix for the following operating systems:
iOS Devices received Update 14.8
iPadOS Devices received Update 14.8
watchOS Devices received Update 7.6.2
macOS Big Sur Devices received Update 11.6
macOS 10.15.7 Devices received Security Update 2021-005 Catalina
Important items to consider:
- Yes, even your Apple Watch needs an update.
- You do not need to upgrade to Big Sur to apply the fix. If you are on macOS Catalina, it is strongly recommended that you apply the latest security update to patch the exploit on your macOS devices.Â
- If your devices are on older versions of iOS, iPadOS, macOS, or watchOS, you should update them to the latest version(s) available to prevent this exploit.
To learn more about the origins of this exploit and the rumors of what group is behind it, check out this article from NPR, written a month ago amidst the allegations of when this exploit started being leveraged.
Remediation
To remediate this issue, you need to update all your Apple Devices – yes all of them! Updating all these operating systems can be painful, especially when you have multiple Apple devices.Â
Using a robust Apple Device Management Platform with both an MDM and an agent like Addigy, you can push software updates, enforce them on your devices, and audit their status thereafter using robust monitoring and remediation options.
If you are using Addigy today and want to deploy these updates now, the following resources will help you:
- Applying System Updates to devices in Addigy using GoLive
- Visit Policy > System Updates to mass deploy macOS updates
- Applying full operating system upgrades to devices to get them on the latest builds of macOS:
- Deploying iOS Updates in Bulk
- Checking if a specific device(s) need an update in Policies
Keep in mind, everyone around the world that uses iOS, macOS, and watchOS devices are all trying to update their devices today and Apple’s Software Update Servers may struggle to provide available updates. From the testing and feedback we have received so far, this could cause some inconsistencies in the updates appearing on devices or from installing the update.
Addigy provides a robust set of tools to keep your fleet updated, if you have any questions, do not hesitate to reach out to the Addigy Support Team.
