Lawyer insurance broker consulting giving legal advice with Mac in background

Security Advisory: Apple macOS Zero-Day Vulnerability (MAY UPDATE)

May 07, 2021 Scott Evangelist

MAY 7, 2021: ADDITIONAL APPLE VULNERABILITIES AND PATCHES

Atomic Data recommends immediately applying Software Updates to each of your Apple products to resolve a security vulnerability that presents the risk of compromise and takeover. 

VULNERABILITY OVERVIEW:

On Tuesday, May 4th, Apple released macOS, iOS, iPadOS, and watchOS Security Updates to patch zero-day exploits actively being used to deploy malware.  The most severe vulnerability permits arbitrary code execution on devices that come into contact with infected code via web browsers or other applications.

ACT NOW TO ADDRESS THE RISK:

An attacker need only create or infect a website and attack anyone visiting the page to infect their system. Warn your users to be alert to the likely attack methods and not to visit untrusted websites or follow links provided by untrusted or unknown sources.

To fully address the risk, you should apply all available updates from Apple as soon as possible. Affected operating systems include:

  • iOS prior to version 14.5.1
  • iOS prior to version 12.5.3
  • iPadOS prior to version 14.5.1
  • watchOS prior to version 7.4.1

GETTING ASSISTANCE:

If you would like assistance with remediation of this security vulnerability, please open a ticket with Atomic Data’s Service Desk (612.466.2020) or contact your Account Coordinator.

FURTHER INFORMATION:

Third-Party Overviews: 

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2021-059/

https://nakedsecurity.sophos.com/2021/05/04/apple-products-hit-by-fourfecta-of-zero-day-exploits-patch-now/

Update Details:

macOS Big Sur – https://support.apple.com/en-us/HT212335

iOS 14.5.1 and iPadOS 14.5.1 – https://support.apple.com/en-us/HT212336

watchOS 7.4.1 – https://support.apple.com/en-us/HT212339

iOS 12.5.3 – https://support.apple.com/en-us/HT212341

CVEs:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30661

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30663

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30665

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30666


APRIL 27 NOTIFICATION: Atomic Data recommends immediately applying all available macOS Software Updates to each of your Mac systems to resolve a security vulnerability that presents the risk of compromise and takeover.  


VULNERABILITY OVERVIEW:

On Monday, April 26, Apple released macOS Security Updates for all three supported versions of macOS to patch a zero-day exploit actively being used to deploy malware.  The vulnerability permits bypass of critical security features of macOS that would normally prevent users from installing suspicious software.  


ACT NOW TO ADDRESS THE RISK:

An attacker needs at least some user interaction for this attack to be successful, so you can mitigate the risk while updates are still being applied.  Warn your users to be alert to the likely attack methods, which include email phishing attempts and pop-up invitations in web browsers to update or install software.

To fully address the risk, you should apply all available macOS updates as soon as possible.  For Macs running Big Sur, apply the macOS Big Sur 11.3 update.  For systems still running macOS Catalina 10.15.7 or macOS Mojave 10.14.6, a new Security Update will appear in Software Update when you click on “More info…” just below “Other updates are available.”


GETTING ASSISTANCE:

If you would like assistance with remediation of this security vulnerability, please open a ticket with Atomic Data’s Service Desk (612-466-2020) or contact your Account Coordinator.


FURTHER INFORMATION:

Third-Party Overviews:  

https://www.techradar.com/news/update-now-critical-macos-security-flaw-patched-in-big-sur-113

https://objective-see.com/blog/blog_0x64.html

macOS Update details:

Big Sur:  https://support.apple.com/en-us/HT212325

Catalina:  https://support.apple.com/en-us/HT212326

Mojave:  https://support.apple.com/en-us/HT212327

CVEs – Currently a Reservation with minimal information:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30657

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30658

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1810

Available Now: 2024 Ransomware Trends Report

X