ADVISORY: Apply Apple security updates for multiple products

Wednesday, October 27, 2021

This message was sent to U-M IT groups on Wednesday, 10/27/21. It is intended for U-M staff who are responsible for managing or are using any Apple devices, including mobile devices, and it applies to both UM-owned and personally-owned devices.

Summary

Apple has released updates to patch vulnerabilities in multiple products, including those running Mac OS, iOS, and Apple watches. Some of the vulnerabilities could allow for remote code execution.

Problem

An attacker could exploit some of the vulnerabilities in Apple products to take control of an affected system.

Affected Systems

Action Items

Apply updates to affected Apple devices immediately after appropriate testing.

  • MiWorkspace users: Apply available updates to your MiWorkspace Macs as soon as possible. Updates are already available in the Managed Software Center.

  • U-M devices that are not managed by MiWorkspace or MiServer: Apply updates immediately after appropriate testing.

  • Personally owned devices: Apply updates to your personal Mac OS, iOS, and Apple watch devices as soon as possible. It is recommended that you keep personally-owned devices updated at all times, and it is required if you use those devices for U-M business.

Threats

There are currently no reports of these vulnerabilities being exploited in the wild.

How We Protect U-M

  • MiWorkspace machines: A patch is available for MiWorkspace managed Macs. Please take time to apply any outstanding patches as soon as possible. Applying patches when they become available is the best protection for your UM-managed systems and devices.

  • Personally managed or personally owned devices: It is your responsibility to secure any personally-managed U-M devices or personally-owned devices used for U-M business. ITS IA provides guidance on the Safe Computing website in the sections Manage U-M Workstations and Secure Your Devices to help you secure systems and devices you manage or personally own. 

  • ITS provides CrowdStrike Falcon to units, which should be installed on all U-M owned systems (Windows, macOS, and Linux operating systems, whether workstations or servers). If you need assistance installing Falcon on a UM-owned device, contact your unit's Falcon admin or Security Unite Liaison (SUL).

Questions, Concerns, Reports

Please contact ITS Information Assurance through the ITS Service Center.

References