An Ipswich IT company urges all local businesses to update their Apple devices and remind their employees to update their personal Apple products, following the discovery of a zero-day, zero-click vulnerability.
Lucid Systems, which is based in Felaw Maltings, are Suffolk’s leading IT support service. The company works with businesses across the East of England to provide comprehensive IT support, emphasizing cyber security. The firm is pleading with Suffolk businesses to update all corporate Apple devices following the revelation that a significant security breach has impacted the manufacturer.
Earlier this week, Apple launched an immediate security patch fix after it was revealed that hackers could remotely install a piece of spyware via an iMessage glitch. Once installed, hackers could infiltrate an Apple device and access the camera, microphone, text messages, emails, and other sensitive data. Additionally, the hack has been declared a zero-click exploit. This means that a user did not need to click on anything for the spyware to be installed. As a result, it was almost impossible for Apple to protect users from this hack.
The hack was identified by Canadian company Citizen Lab. They believe that spyware firm NSO Group has used a previously unknown vulnerability to exploit and infect Apple devices remotely with Pegasus spyware. There are significant concerns that the spyware was used to infiltrate phones and computers so that governments could spy on prominent journalists and political activists.
Apple has confirmed the attack has affected the majority of their product range. As a result, Apple users should update all of their devices, from iPhones to iPads, Macs, and Apple Watches.
To prevent any devices from becoming infiltrated with spyware, all iPhone and iPad users should upgrade their software to the latest 14.8 iOS. Mac users should update their systems to OSX Big Sur 11.6, and Apple Watches should update to OS 7.6.2.
Lucid Systems believe that this is a warning of how easy it can be for devices to become infected with malicious software. As a result, all users should proactively take steps to ensure that they benefit from the latest security updates and patch fixes.
Karl Wilkinson, Senior Consultant at Lucid Systems, says: “This is an exceptional reminder of how important it is to ensure that your computers, laptops, phones, and tablets have the latest software updates installed. It can be tempting to forget about them or ignore the reminders as they pop up. But if a threat is identified, you need to take practical steps to protect yourself.”
“With many of us still working from home, it’s harder for local businesses to make sure that their employees are implementing software updates. However, suppose your staff uses their own devices to access work-related material, such as checking their emails on their personal phones. In that case, it’s even more crucial to ensure that your staff is protecting themselves (and your business) from online threats. Simply reminding your employees to update their device to the latest software released by Apple could be enough to prevent your business from being impacted by a cyber-attack.”
Although Apple has been clear that they believe the vulnerability has not put the majority of their users at risk, they are keen to protect all users. This is why they implemented a quick security update as soon as they were alerted to the problem.
Karl believes that local businesses need to pay close attention to online security. Where possible, they should prevent users from accessing work-related information on their personal devices. Instead, firms should provide staff with work mobiles and tablets (if required) to enable them to have stringent security controls.
He says: “Remote working has enabled us to access confidential business data from anywhere in the world, on almost any device. While this is fantastic for flexible working, it does bring up a range of security concerns. In an ideal scenario, businesses should limit access to corporate data from personal devices. Instead, firms should supply staff with phones and tablets because there is more control. You can set defined parameters and restrict access to certain documents and folders. You can ensure that all messages have end-to-end encryption, and you can limit which applications can be downloaded. This is crucial as many hackers are now accessing phones and laptops via third-party apps.”
“These days, businesses and individuals have an incredible amount of sensitive data freely available on their phones. Therefore, it’s never been more important to ensure that you’re taking steps to protect your device from being compromised by hackers.”
Lucid Systems specialise in offering cyber security for businesses across Suffolk and the East of England. The team regularly works with clients to help them achieve Cyber Essentials and Cyber Essentials Plus certifications, both recognizing an uncompromising commitment to cyber security.
In addition, Lucid Systems also believe that it’s essential to prepare for the worst.
They offer effective disaster recovery planning and simulated drills which can replicate a cyber-attack. Thanks to comprehensive disaster recovery plans, businesses can feel confident that they would know how quickly and efficiently they could regain access to their data, should they be infiltrated by a cyber-attack.
For more information about Lucid Systems, visit lucidsystems.co.uk.
