Join us for our Quarterly Product Webinar on April 30th

SAVE YOUR SEAT NOW

    Zero-Click Apple Messenger Vulnerability: Critical Actions to Take

    by Peter Lowe on Sep 14, 2021 12:00:00 AM

    On September 13, Citizen Lab identified a zero-click exploit “in the wild” from NSO Group impacting all Apple Messenger products. This impacts all devices that use Messenger including iPhones, Mac, iPad and Apple Watches. Citizen Lab has dubbed this spyware “Forcedentry.”

    Apple has issued an update to combat this vulnerability. The most important step you can take right now is to update your Apple devices to ensure you are no longer impacted. You should update to the following versions:

    • macOS Big Sur 11.6
    • iOS 14.8
    • watchOS 7.6.2

    You can further protect yourself from NSO spyware domains by blocking “Trackers” on DNSFilter. DNSFilter has proactively flagged all known NSO spyware domains as “Trackers,” thanks to Amnesty International’s excellent work investigating the group. Our Domain Intelligence team identified and added these trackers to our block list on July 20th, 2021.

    Blocking the Trackers category will prevent any compromised devices from sending out data to their servers.

    Please note, however, that the vulnerability itself is part of Apple’s Messenger, so will continue to exist and be exploitable by other malicious actors until affected devices have been updated as per Apple’s advisory.

    It is imperative to ensure your devices always contain the latest patches to protect against vulnerabilities. Today's announcement about the zero-click exploit impacting Apple devices not only highlights the importance of the patch, but also is active in the wild. If you need to bide your time before making updates across your organization, changing your DNSFilter policy to block "Trackers" will offer an additional layer of protection against this zero-click exploit.
    Topics: Cyber Threats
    Search
    • There are no suggestions because the search field is empty.
    Categories

    Categories

    Latest posts
    Why Scaling Your MSP Doesn’t Mean Hiring More Technicians Why Scaling Your MSP Doesn’t Mean Hiring More Technicians

    Growth should feel like progress. But for a lot of MSPs, there comes a point where growth starts to feel heavier instead. New clients are coming in, and revenue is rising, yet the day-to-day operation feels more stretched, not more efficient. The service desk is constantly busy. Senior techs keep getting pulled into escalations. The team is working harder just to maintain the same standard of delivery.The usual response is to hire more people. On...

    The Hidden Cost of “Good Enough” Security in MSP Environments The Hidden Cost of “Good Enough” Security in MSP Environments

    “Good enough” security checks the boxes and keeps the dashboards green. It covers the basics and gets you through onboarding. But in MSP environments, “good enough” usually means nothing breaks badly enough to force action. And that’s exactly the problem.The tooling system doesn’t fail. It just becomes more expensive to run, gradually turning your service desk into a permanent cleanup crew.Over time, reactive security tools create a profitability...

    SASE vs SSE: What's the Difference and Why It Matters for Your Security Stack SASE vs SSE: What's the Difference and Why It Matters for Your Security Stack

    If you’ve spent any time researching modern network security, you’ve likely come across SASE and SSE used interchangeably, sometimes even in vendor messaging. The result is a lot of confusion around two concepts that are closely related but not identical.

    Explore More Content

    Ready to brush up on something new? We've got even more for you to discover.
    WhitePapers
    WhitePapers
     Webinars
    Webinars
     Case Studies
    Case Studies
     Product Literature
    Product Literature
    What's New