Security Alert: Critical Vulnerability in Apple’s iOS

Advanced Computer Technologies Security Task Force - Security Alert: Critical Vulnerability in Apple's iOS iMessage

The safety of your systems, data, and users are essential to us. As your Trusted Security Partner, we are notifying you of a critical vulnerability in Apple’s iOS for iPhones.

Multinational cybersecurity and anti-virus provider Kaspersky has released an official advisory of observed malware exploitations on Apple’s iOS. iOS is the operating system used in all iPhones.

In observed cases, compromised devices received a suspicious text via iMessage which allowed threat actors to deploy malicious code, and establish a connection with a malicious Command & Control (C&C) server.

This malware is considered particularly dangerous because control of the device can be obtained with zero user interaction. Simply receiving the iMessage attachment on a vulnerable iPhone will deploy the malicious code to your device.

In the modern age, virtually all employees will have work email associated with their mobile device. As such, it is a best practice to follow the manufacturers recommendation and keep your device software up to date.

Advanced Computer Technologies, Your Trusted Security Partner

This can be confirmed by navigating to Settings > General, then tapping Software Update on your iPhone.

Advanced also recommends enabling Rapid Security Responses to receive the latest security patches on your iPhone automatically. This can be enabled by:

  1. Going to Settings > General > Software Update
  2. Tapping Automatic Updates
  3. Make sure that Security Responses & System Files is turned on

More information on Rapid Security Responses can be found here.

Industry best practices also advise keeping backups of your mobile device. Information on this process can be found here.

We will continue to remain steadfast in ensuring the confidentiality, integrity, and availability of your data services. We will provide updates on this critical vulnerability as they are made available.

If you have any questions, comments, or concerns, please don’t hesitate to reach out. We are always happy to help!

Thank you,

The Advanced Security Task Force

We are here to answer any questions for you and your organization regarding its Cybersecurity needs. To request a review of your security posture and alignment, email [email protected].

Contact Advanced Computer Technologies' Security Task Force, Your Trusted Security Partner

Recent Posts

Security Digest (April 2024)

April 2024 Patch Tuesday – 4/9 Threat Grading Overview Deep Dive: CVE-2024-26234 and Digital Signatures – Who Can We Trust? Vendor Patch Advisories Emerging Threat:

Read More »

Security Digest (March 2024)

March 2024 Patch Tuesday – 3/12 Deep Dive-APT28 and CVE-2023-23397 Vendor Patch Advisories Windows Server 2012 Officially End of Support New Threat Vector-Acoustic Attacks International

Read More »

Security Digest (January 2024)

January 2024 Patch Tuesday – 1/9 Windows Server 2012 Officially End Of Support CISA Advisory-Excel, Chrome and Sharepoint Vulnerabilities Exploited in the Wild Follow Up:

Read More »