The safety of your systems, data, and users are essential to us. As your Trusted Security Partner, we are notifying you of a critical vulnerability in Apple’s iOS for iPhones.
Multinational cybersecurity and anti-virus provider Kaspersky has released an official advisory of observed malware exploitations on Apple’s iOS. iOS is the operating system used in all iPhones.
In observed cases, compromised devices received a suspicious text via iMessage which allowed threat actors to deploy malicious code, and establish a connection with a malicious Command & Control (C&C) server.
This malware is considered particularly dangerous because control of the device can be obtained with zero user interaction. Simply receiving the iMessage attachment on a vulnerable iPhone will deploy the malicious code to your device.
In the modern age, virtually all employees will have work email associated with their mobile device. As such, it is a best practice to follow the manufacturers recommendation and keep your device software up to date.
This can be confirmed by navigating to Settings > General, then tapping Software Update on your iPhone.
Advanced also recommends enabling Rapid Security Responses to receive the latest security patches on your iPhone automatically. This can be enabled by:
- Going to Settings > General > Software Update
- Tapping Automatic Updates
- Make sure that Security Responses & System Files is turned on
More information on Rapid Security Responses can be found here.
Industry best practices also advise keeping backups of your mobile device. Information on this process can be found here.
We will continue to remain steadfast in ensuring the confidentiality, integrity, and availability of your data services. We will provide updates on this critical vulnerability as they are made available.
If you have any questions, comments, or concerns, please don’t hesitate to reach out. We are always happy to help!
Thank you,
The Advanced Security Task Force
We are here to answer any questions for you and your organization regarding its Cybersecurity needs. To request a review of your security posture and alignment, email [email protected].