Threat Watch: iLeakage Vulnerability for Apple Devices

Threat Watch Alert

Key Threat Identified on November 7th, 2023: Apple exploit dubbed iLeakage allows for attackers to gain access to your system running iOS, macOS or iPadOS.

iLeakage Security Threat Details

• Using a vulnerability on Safari (for Macs) or any browser (for mobile devices) attackers are able to gain access to your device.
• This elevated privilege allows them to access information from your popular high valued web pages such as your gmail account.
• Attackers can launch additional exploits to recover passwords that have been filled in the browser by password managers autofill features.
• No security patch has been issued by the Apple developers at this time. They have said they will “address the vulnerability in their next scheduled software release”

Recommended Actions:

While there is no security patch available yet, Havoc Shield advises that you forward this Threat Watch Alert to your team. If you do use safari on your Mac, we would suggest using another browser until the patch has been deployed. As always, be mindful and watch out for deceptive sites. These attacks are initiated from you landing on a malicious page. 

How Havoc Shield Can Protect You Against These Threats:

Our goal is to keep you armed and ready for these types of cybersecurity attacks. Havoc Shield has rolled out the OS and Software Patching Tool, this tool manages operating system and critical software updates, ensuring that if any vulnerabilities are discovered, patches are installed as soon as they’re released. No more security holes from endless postponed updates.

While there is no solution at this time for this vulnerability, Apple has commented saying they will resolve this vulnerability in their latest software release. When that time comes, Havoc Shield’s OS and Software patching tool will be sure to update your computers on the same day.

Who is Havoc Shield?

Havoc Shield's is the comprehensive cybersecurity program built for small businesses. With Havoc Shield You get:

• Best-in-class cybersecurity software that we deploy across your devices that help ward off and detect any nefarious activity on your networks. Tools such as: computer policy management, endpoint threat protection, patching support, among others.
• Vital and engaging cyber awareness training for your employees. Over 88% of data breaches are caused by employee mistakes, so this is a critical component of any cybersecurity program. We roll out short monthly training videos and mock-phishing campaigns that educate and test your employees so they're more able to spot social engineering attempts and less likely to open any doors to hackers.
• Secure configurations and continuous monitoring. We help you set up your current systems in the most secure way, and deploy ongoing vulnerability scanning and dark web monitoring, so we can help close any gaps as soon as they may appear.
  
• White-gloved, responsive support. With our Managed program, we do all the heavy lifting for you. You'll get a dedicated cybersecurity expert who implements and maintains all the software and processes for you. You'll receive monthly reports on your program's progress, and we'll meet every quarter to talk through the ever-changing landscape of cyberthreats and what we're doing to advance your program.

Ready to get protected? Book a quick meeting with us here.