NOTICE: Update Apple products for protection against vulnerabilities

Monday, September 20, 2021

This message is intended for U-M staff who are responsible for managing or are using any Apple devices, including mobile devices, and it applies to both UM-owned and personally-owned devices.

Summary

Apple has released updates to patch vulnerabilities in Apple devices, including those running Mac OS, iOS, and Apple watches. These vulnerabilities make the devices open to a zero-click exploit that is known to have been used to compromise devices and track users of those devices.

Problem

Processing a maliciously crafted PDF or web content may lead to arbitrary code execution which could result in compromise of the device without other user interaction, that is, without users downloading and executing files. Multiple sources have confirmed the vulnerability and that it has been actively exploited.

Affected Systems

All Apple products, including those running Mac OS, iOS, and Apple watches, with versions prior to

  • Mac OS Big Sur 11.6
  • iOS 14.8
  • Apple Watch OS 7.6.2.
     

Action Items

Apply updates to all Apple devices immediately after appropriate testing.

  • MiWorkspace users: Apply available updates to your MiWorkspace Macs as soon as possible. Updates are already available in the Managed Software Center.
  • U-M devices that are not managed by MiWorkspace or MiServer: Apply updates asap after appropriate testing.
  • Personally owned devices: Apply updates to your personal Mac OS, iOS, and Apple watch devices immediately when they become available. It is recommended that you keep personally-owned devices updated at all times, and it is required if you use those devices for U-M business.

How We Protect U-M

  • MiWorkspace machines: A patch is available for MiWorkspace managed Macs. Please take time to apply any outstanding patches as soon as possible. Applying patches when they become available is the best protection for your UM-managed systems and devices.
  • Personally managed or personally owned devices: It is your responsibility to secure any personally-managed U-M devices or personally-owned devices used for U-M business. ITS IA provides guidance on the Safe Computing website in the sections Manage U-M Workstations and Secure Your Devices to help you secure systems and devices you manage or personally own.
  • ITS provides CrowdStrike Falcon to units, which should be installed on all U-M owned systems (Windows, macOS, and Linux operating systems, whether workstations or servers). If you need assistance installing Falcon on a UM-owned device, contact your unit's Falcon admin or Security Unite Liaison (SUL).

Questions, Concerns, Reports

Please contact ITS Information Assurance through the ITS Service Center.