Apple iMessage vulnerability being exploited

Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact.

Subscribe to our updates to be notified as soon as we publish an advisory.

2:45pm, 14 September 2021

TLP Rating: Clear

Apple iMessage vulnerability being exploited

Attackers are exploiting a vulnerability referred to as “ForcedEntry” which affects iOS, macOS, and watchOS which allows a remote attacker to gain access to a device without any user interaction. The vulnerability has been exploited since at least February 2021. Apple has released an update to resolve this vulnerability.

CERT NZ recommends all users of these operating systems update their devices as soon as possible.

What's happening

Systems affected

Apple has stated the vulnerabilities affect products running the following operating systems:

All iPhones with iOS versions prior to 14.8

All Mac computers with operating system versions prior to OSX Big Sur 11.6

All Apple Watches prior to watchOS 7.6.2.

What this means

If exploited, an attacker can execute arbitrary code on the device.

What to look for

How to tell if you're at risk

If you are using devices running the following operating systems:

  • iOS versions before 14.8
  • macOS versions before Big Sur 11.6
  • watchOS versions before 7.6.2

What to do

Prevention

Apply the latest security updates as detailed in the relevant security update from Apple. External Link

More information

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ External Link

For media enquiries, email our media desk at certmedia@cert.govt.nz or call on 021 854 384