I have written before on the steps Apple takes in improving the cyber security of its users, such as the “walled garden” app store to reduce app risk, supporting older devices with security updates and enforcing strict conditions on how apps operate on Apple devices. But they are a bit grey when it comes to some issues:
Mine and Your Privacy and Apple
Can Apple identify us from “anonymous” data?
But no company can create perfectly secure software – so every month Apple along with all the other vendors issue patches and updates across their products – and I promote them here so we all keep up.
Now there are reports that both iOS and MacOS have a cyber security flaw that allows for a threat actor to escalate their OS privileges and break out of the restrictions that Apple enforces on software running on their devices and allows them to run their own code.
Here is Trellix Advanced Research Centre’s report:
Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS
This is important as it compromises Apple’s OS security at a fundamental level.
The vulnerabilities have been patched – so make sure you keep your Apple stuff patched. Even if you and your team have automatic updates selected, it is worth the effort, when you see these types of stories to go and check that the updates have happened (I do). This applies to any software from any vendor.