Apple iMessage vulnerability being exploited
Attackers are exploiting a vulnerability referred to as “ForcedEntry” which affects iOS, macOS, and watchOS which allows a remote attacker to gain access to a device without any user interaction. The vulnerability has been exploited since at least February 2021. Apple has released an update to resolve this vulnerability.
CERT NZ recommends all users of these operating systems update their devices as soon as possible.
Apple has stated the vulnerabilities affect products running the following operating systems:
All iPhones with iOS versions prior to 14.8
All Mac computers with operating system versions prior to OSX Big Sur 11.6
All Apple Watches prior to watchOS 7.6.2.
What this means
If exploited, an attacker can execute arbitrary code on the device.
What to look for
How to tell if you're at risk
If you are using devices running the following operating systems:
- iOS versions before 14.8
- macOS versions before Big Sur 11.6
- watchOS versions before 7.6.2
What to do
Apply the latest security updates as detailed in the relevant security update from Apple. External Link