Apple secures WebKit as global ransomware attacks surge

If nothing else, Apple’s most recent emergency security update should be considered proof of an increasingly tense security environment.

Enterprises must understand that while Apple maintains a pretty solid ecosystem — certainly at present the most secure, even according to Cisco — that doesn’t mean it’s entirely safe, and every Apple customer needs to get wise to the growing proliferation of threats.

With more and more business users turning to the company’s solutions, it’s important to get ahead of the threat.

What is the current threat environment?

The latest Orange Cyberdefense Security Navigator Report claims a global 46% surge in cyber-extortion attacks across the last year — and warns that just over a third (37.45%) of detected incidents originated from internal actors, not all of these by accident.

With employees and trusted insiders remaining the soft vulnerable point for a third of attacks, it’s essential every business and every user spend time learning about the best approach to online security.

The Orange report points out that attacks are taking place at strategic points in the supply chain. It warns that larger enterprises are the most targeted entities, and points to a surge in attacks against the manufacturing sector.

Ransomware, it seems, has become so prevalent that some of the more organized groups now host help desks targets can contact for assistance — and to arrange payment and data recovery.

Weaponizing WebKit

Keep these findings in mind as you consider Apple’s latest emergency security updates. Released at the end of November, these address two zero-day vulnerabilities (CVE-2023-42916 and CVE-2023-42917) that have been exploited by hackers to access sensitive information on Apple devices and/or to execute arbitrary code by using malicious webpages to take advantage of a memory corruption bug.

Michael Covington, vice president of portfolio strategy at Jamf, explained:

“These latest OS updates, which address bugs in Apple’s WebKit, show that attackers continue to focus on exploiting the framework that downloads and presents web-based content. The latest bugs could lead to both data leakage and arbitrary code execution and appear to be tied to targeted attacks that are common against high-risk users.”

It’s quite natural that WebKit has become a prime attack target against Apple’s devices.

Can it get worse? Probably

That’s inevitable as the company at present won’t support other browser engines, meaning that even non-Apple browsers make use of WebKit. This might change as regulators seem insistent on forcing Apple to open up, though when it does, it will allow criminals to try multiple web engines and app stores to crack their way into Apple’s devices. We’ll see how that goes.

Security researchers, meanwhile, continue to kick WebKit around in their attempt to find vulnerabilities before the bad guys do, and hopefully get an Apple security bounty payment for their trouble. But the fact that WebKit is such a popular attack vector should really inform every Apple user as to how they are being attacked — think dodgy web links in messages and emails, finely crafted phishing sites, and offers that are too good to be true on sites you don’t entirely trust.

Those are the vectors being used.

Just update all the things

In this environment, a relatively recent survey from Qualys is all the more frightening; it claimed over half the Macs in use today might not yet have installed the latest security software upgrades. That really has to change (and Apple knows it).

At the same time, battle is joined.

The industry is keenly aware of the nature of the attacks taking place, but everyone can play their part. Update your devices swiftly.

“Though these patches validate that Apple devices are not immune to cyber threats, the patching process is helping to reduce the attack surface,” said Covington.

You don’t want to be an easy target now, do you? 

Patch today.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.