This message was sent to U-M IT groups on Friday, 8/19/22. is intended for U-M staff who are responsible for managing or are using any Apple devices, including mobile devices, and it applies to both UM-owned and personally-owned devices.
Summary
Apple has released updates to patch critical vulnerabilities in multiple products, including those running macOS Monterey, iOS and iPadOS, and Safari. Some of the vulnerabilities could allow for remote code execution, and Apple has indicated these are actively being exploited by attackers.
Problem
An attacker could exploit some of the vulnerabilities in Apple products to take control of an affected system.
Affected Systems
Apple devices using OS versions older than the ones listed here are affected:
Action Items
Apply updates to affected Apple devices immediately after appropriate testing.
- MiWorkspace users: Apply available updates to your MiWorkspace Macs as soon as possible. Updates are already available in the Managed Software Center.
- U-M devices that are not managed by MiWorkspace or MiServer: Apply updates immediately after appropriate testing.
- Personally owned devices: Apply updates to your personal devices running macOS Monterey, iOS, iPadOS, and Safari as soon as possible. It is recommended that you keep personally-owned devices updated at all times, and it is required if you use those devices for U-M business.
Threats
Apple has reported that these vulnerabilities are actively being exploited by some attackers.
How We Protect U-M
- MiWorkspace machines: A patch is available for MiWorkspace managed Macs. Please take time to apply any outstanding patches as soon as possible. Applying patches when they become available is the best protection for your UM-managed systems and devices.
- Personally managed or personally owned devices: It is your responsibility to secure any personally-managed U-M devices or personally-owned devices used for U-M business. ITS IA provides guidance on the Safe Computing website in the sections Manage U-M Workstations and Secure Your Devices to help you secure systems and devices you manage or personally own.
- ITS provides CrowdStrike Falcon to units, which should be installed on all U-M owned systems (Windows, macOS, and Linux operating systems, whether workstations or servers). If you need assistance installing Falcon on a UM-owned device, contact your unit's Falcon administrator or Security Unit Liaison (SUL).
Questions, Concerns, Reports
Please contact ITS Information Assurance through the ITS Service Center.
References
- Apple Releases Security Updates for Multiple Products, Cyberstructure & Infrastructure Security Agency, 8/18/22
- You should probably update your Apple devices right now, CNN, 8/18/22
- About the security content of iOS 15.6.1 and iPadOS 15.6.1, Apple, 8/17/22
- About the security content of macOS Monterey 12.5.1, Apple, 8/17/22