Friday, October 15, 2021

Apple quietly patches one more iPhone Zero-day – verify you’ve gotten 15.Zero.2 – Bare Safety

It’s been a wild few weeks for Apple, or perhaps an “in-the-wild” few weeks, with several zero-day bugs necessitating emergency updates.

We were going to say “unexpected updates”, but all (or almost all) Apple security patches are, of course, unexpected by design.

Apple deliberately announces security fixes only after they’ve been published, so you couldn’t plan for them even if you wanted.

Apple claims that this is for “customers’ protection”, because it prevents crooks who may have heard rumours about a security hole but haven’t figured it our for themselves from working out where to start looking for it.

On the other hand, it also means that you will hardly ever hear about official workarounds or threat mitigations from Apple, even if those workarounds might keep you safe during the gap between the zero-day hole appearing and the patch being created, tested and released.

Remember that zero-day vulnerabilities refer to bugs that cybercriminals know how to exploit before a patch is available, with the result that even a well-informed user or sysadmin would have had zero days to get officially ahead of the Bad Guys.