Get in Touch
UAE Cyber Security Council discloses details of Apple system vulnerabilities
Target Industry
Indiscriminate, opportunistic targeting.
Overview
The United Arab Emirates Cyber Security Council (CSC) disclosed details regarding potential security risks that have been discovered within specific Apple systems. Intelligence indicates that the vulnerabilities impact the operating systems of several Apple products, including iPhone, iPad, Mac computers, Apple Watch, Apple TV, and Safari.
Impact
It has been assessed that successful exploitation of the security issues disclosed by the UAE Cyber Security Council would almost certainly allow threat actors to hijack and attain control over vulnerable systems. This would ultimately grant full control of the target system, almost certainly resulting in the compromise of the integrity of data.
Vulnerability Detection
Apple has released security updates regarding the affected product versions. As such, previous versions are vulnerable to potential exploitation.
Affected Products
The following Apple systems have been identified as being vulnerable to the security flaws outlined within the UAE Cyber Security Council disclosure:
iPhone (iOS)
iPad (iPadOS)
Mac Computers (macOS)
Apple Watch (watchOS)
Apple TV (tvOS)
Safari Browser.
Containment, Mitigations & Remediations
It is strongly recommended that users of the affected product versions apply the following security updates to the affected systems as a matter of urgency, to mitigate against potential exploitation:
iPhone XS and later (iOS17.1)
iPad Pro 12.9-inch 2nd generation and later (iPadOS 17.1)
iPad Pro 10.5-inch (iPadOS 17.1)
iPad Pro 11-inch 1st generation and later (iPadOS 17.1)
iPad Air 3rd generation and later (iPadOS 17.1)
iPad Air 6th generation and later (iPadOS 17.1)
iPad mini 5th generation and later (iPadOS 17.1)
iPhone 8 and later (iOS 16.7.2)
iPad Pro (all models) (iPadOS 16.7.2)
iPad Air 3rd generation and later (iPadOS 16.7.2)
iPad 5th generation and later (iPadOS 16.7.2)
iPad mini 5th generation and later (iPadOS 17.1) (iPadOS 16.7.2)
iPhone 6 (all models) (iOS 15.8)
iPhone 7 (all models) (iOS 15.8)
iPhone SE (1st generation) (iOS 15.8)
iPad Air 2 (iPadOS 15.8)
iPad mini (4th generation) (iPadOS 15.8)
iPod touch (7th generation) (iOS 15.8)
macOS Sonoma (macOS Sonoma 14.1)
macOS Ventura (macOS Ventura 13.6.1)
macOS Monterey (macOS Monterey 12.7.1)
Apple TV HD and Apple TV 4K (all models) (tvOS 17.1)
Apple Watch Series 4 and later (watchOS 10.1)
macOS Monterey and macOS Ventura (Safari 17.1).
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Threat Landscape
Apple occupies a significant portion of the smart device and PC market share. The related products are used extensively by organisations across the industry sector spectrum. Within this context, it has been assessed that cyber threat actors will almost certainly view organisations with operational protocols involving these products as prime targets as they seek to meet their pre-defined objectives.
Intelligence indicates that vulnerabilities related to Apple products for which patches exist have previously been subjected to malicious cyber operations. It is therefore of critical importance to follow the recommended remediation and mitigation strategies to reduce the risk of exploitation.
Threat Group
No attribution to specific threat actors or groups has been identified at the time of writing.
Further Information
