Apple released an urgent iOS patch overnight and encouraged all iPhone users to download it immediately. Jamie Brummell, a security researcher and Socura co-founder and CTO, said he believes that the vulnerability is being exploited in the wild, is serious, and most victims won't ever know they were targeted.
The patch was rapidly pulled by Apple as it was believed to be malfunctioning. Jamie said: "This iOS patch was rapid in name, and rapid in nature. Reports suggest it has been pulled by Apple because it was causing some websites to break. This is the challenge with rapidly developed patches. They can result in unexpected issues due to the limited time the vendor has to test them.
"Rapid patches can end up breaking more than they fix."
On the initial threat, he said: “We know this is a serious vulnerability because Apple is using its new ‘Rapid Security Response’ targeted patching method to get the fix out there quickly. The fact that there are reports it is being exploited in the wild has added to the urgency. This is only the second time that Apple has resorted to an RSR patch.
“There’s no indication yet if Apple users can check whether they’ve been targeted, or how they would check. However, these exploits are usually executed silently. They are effectively invisible, and the chances are that victims would never know they were targeted. Detailed forensic analysis would be needed to determine whether a device had been targeted after the fact.
“One of the only effective things iPhone users can do to defend against these 0-days is to reboot daily. Gaining persistence on iPhone is extremely hard, so restarting usually kills the threat actor’s code, at least until the device gets exploited again. Alternatively iOS Lockdown mode can stop some of these exploits from working by blocking web-based scripts, risky message attachment types and more.”
Apple's Rapid Security Response updates provide iOS and macOS users with security fixes without the need to install a full software update – saving customers time.
Debrup Ghosh, senior manager at the Synopsys Software Integrity Group, said: "Speed matters in business, especially when it comes to securing its digital assets. With its Rapid Security Response updates, Apple has set the industry benchmark for not only addressing security vulnerabilities swiftly, but also rolling out these updates across millions of devices. Further, enabling automatic updates ensures that, for most customers, these security updates are applied without any action from the end user.
"Although development and security teams, whether at Apple or an emerging software startup, strive to eliminate as many vulnerabilities as possible, they can often still be found in software released to production. However, what really matters is how quickly an organization can move to fix and remediate these vulnerabilities to prevent or mitigate active exploits, and Apple’s Rapid Security Updates seem to be an effective and efficient method towards achieving that goal."