90% of Enterprise iPhone Users Open to iMessage Spy Attack

This situation is yet another example of why patch and update management is such a vital component of every enterprise and individual user.  Please take the time to verify your Apple iOS devices and update your firmware accordingly.

https://threatpost.com/90-enterprise-iphone-users-imessage-spy-attack/146899/

OceanLotus: macOS malware update

A little virtual exercise for anyone reading this article this morning – raise your hand if, when you close your eyes and go to your happy place, you truly believe Apple Mac computers cannot get viruses or malware.  Go ahead.  Be honest.  Search your heart for what is often a painful truth.  I saw a few hesitant hands go up, at least for a second or two.  It is ok.  I get it.

I am a Mac user too, and though I would love to believe my Mac is safe and sound from all malware attacks and virus strains, the truth is Macs are targets too and viruses and malicious code is being developed and deployed everyday to infiltrate our Apple devices, collect data, and cause harm.  Yes, Macs represent a smaller target pool in comparison to Windows workstations, but Macs are still a target.  In many cases, Macs are specifically targeted because of the types of power users and executives who choose to use Apple products.

As this article from Eset demonstrates, the threats are real and precautions are warranted.  Make sure you properly patch and configure your Mac workstations and laptops.  Run a form of advanced malware protection.  Be prepared.

https://www.welivesecurity.com/2019/04/09/oceanlotus-macos-malware-update/

Apple scrambles to fix FaceTime eavesdropping bug

This is a huge miss on the part of Apple to allow this level of flaw/vulnerability into the wild.  If rumors are true, this issue was also covered up for a bit while a patch was under construction.  Please take the time to disable FaceTime on your iOS and MacOS devices immediately until a patch can be distributed by Apple.

https://nakedsecurity.sophos.com/2019/01/29/apple-facetime-eavesdropping-bug/

https://www.schneier.com/blog/archives/2019/01/iphone_facetime.html

https://www.infosecurity-magazine.com/news/group-facetime-disabled-while/

Apple releases iOS 11.4.1 and blocks passcode cracking tools

This is an important update from Apple and a solid step toward better security for iOS devices.  Much is made of this update relative to the actions of law enforcement agencies in obtaining information from seized devices.  That is not the only story or the only reason this update is relevant.  It is a genuine protection against sidejacking and other malicious intrusions that can occur from many others outside of the realm of the FBI or your local police department.

Review your devices and patch accordingly.

https://www.theverge.com/2018/7/9/17549538/apple-ios-11-4-1-blocks-police-passcode-cracking-tools