2:45pm, 14 September 2021
TLP Rating:
Apple iMessage vulnerability being exploited
Attackers are exploiting a vulnerability referred to as “ForcedEntry” which affects iOS, macOS, and watchOS which allows a remote attacker to gain access to a device without any user interaction. The vulnerability has been exploited since at least February 2021. Apple has released an update to resolve this vulnerability.
CERT NZ recommends all users of these operating systems update their devices as soon as possible.
What's happening
Systems affected
Apple has stated the vulnerabilities affect products running the following operating systems:
All iPhones with iOS versions prior to 14.8
All Mac computers with operating system versions prior to OSX Big Sur 11.6
All Apple Watches prior to watchOS 7.6.2.
What this means
If exploited, an attacker can execute arbitrary code on the device.
What to look for
How to tell if you're at risk
If you are using devices running the following operating systems:
- iOS versions before 14.8
- macOS versions before Big Sur 11.6
- watchOS versions before 7.6.2
What to do
Prevention
Apply the latest security updates as detailed in the relevant security update from Apple. External Link
More information
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
Report an incident to CERT NZ External Link
For media enquiries, email our media desk at certmedia@cert.govt.nz or call on 021 854 384
How helpful was this page?
This site is protected by reCAPTCHA and the Google Privacy Policy External Link and Terms of Service External Link apply.