Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. This could allow an attacker to access your systems and install programs or view, change or delete any data.

Affected systems

• macOS - operating system for Apple desktops and laptops
• iOS - iPhone operating system
• iPadOS - iPad operating system
• tvOS - Apple TV operating system
• watchOS - Apple Watch operating system
• Xcode - Apple's integrated development environment (IDE)

Recommendations

For TWU Assets:

• IT Solutions will address vulnerabilities and apply appropriate patches provided by Apple to vulnerable systems immediately after appropriate testing.
• Run all software as a nonprivileged user (one without administrative privileges) to diminish the effects of a successful attack.
• Evaluate read, write and execute permissions on all newly installed software.
• Apply the Principle of Least Privilege to all systems and services.

For Personal Devices:

• Personal devices should have automatic updates turned on. If automatic updates are not applied, update affected system to the latest version.
• Do not download, accept or execute files from untrusted and unknown sources.
• Do not visit untrusted websites or follow links provided by untrusted or unknown sources.

For more information, past Information Security announcements, tools and resources, visit the TWU Information Security website.