Paubox blog: HIPAA compliant email made easy

Patching the ForcedEntry Apple zero-day exploit

Written by Rick Kuwahara | September 20, 2021
Like the rest of the world, we were scrambling when we first learned the shocking news on Monday, September 13th.
Apple devices were vulnerable to a zero-day exploit dubbed ForcedEntry by Citizen Lab.

This included iPhones, iPads, Apple Watches and, of course, the company-issued Mac laptops our team uses. Thankfully, a patch was announced along with the news of the exploit: all that was required was a software update. That is simple for an individual or a family to do, but it quickly becomes more complicated when rolling it out across a company.


What is ForcedEntry?


Citizen Lab first saw traces of the exploit in March 2021 while examining a phone infected with NSO Group's Pegasus spyware, but only identified the exploit itself on September 7, when the team re-examined the device; Apple shipped the fix on September 13. It is notable because it is zero-click: the victim does not have to tap or open anything, because the malicious file is delivered through iMessage and parsed automatically on arrival. The underlying flaw, tracked by Apple as CVE-2021-30860, is in Apple's image rendering code (CoreGraphics), which mishandles a maliciously crafted PDF disguised as a GIF, and it affects iOS, iPadOS, macOS and watchOS. A successful exploit installs Pegasus, which gives the operator control of the device: they can turn on the camera and microphone, read messages, texts and email, and record calls.


What we did about it


One of the biggest security issues organizations face is keeping up with patches to their networks and computer operating systems. Legacy systems have often been customized, which makes rolling out patches difficult. (It's why some companies are still on Windows XP.)

At Paubox we require all employees to use Apple computers, and we use a mobile device management (MDM) system called Kandji to ensure all devices have uniform configurations that meet our HITRUST requirements. Security is essential to what we do and how we operate, and we don't see that changing in the future. In a normal world we would have rolled out the patched macOS 11.6 via Kandji, but given the speed of the release and the urgency, we had to require employees to install the new OS manually.

We sent an email and Slack message to the company immediately, notifying them of the vulnerability and how to update their Macs. Though there were a few bugs that slowed some of the rollout, everyone who was able to update their device had it completed within 24 hours of the initial notice.


Common errors we ran into and how to fix them


As mentioned, new releases always have bugs, and given the speed at which Apple had to push the new OS, it's not surprising that we encountered a few errors. The most common were the generic "Download failed" and "Check your internet connection." Here are a few solutions we found effective in getting past them:
  1. Check your storage space: you'll need between 12 and 15 GB of free disk space, depending on which OS version you're upgrading from
  2. Make sure your internet connection is solid and consistent; you may need to try Wi-Fi, Ethernet or even a hotspot
  3. Restart your laptop in safe mode (hold Shift during startup on Intel Macs) and try the update from there
  4. Try downloading the update from the App Store instead of System Preferences

Other fixes our team discovered were restarting routers and simply restarting laptops. Sometimes it just took the persistence to retry the update several times over the course of the day.
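The two most common failure causes above (not enough disk space, flaky connection to Apple's update servers) and the "is this Mac actually patched yet?" question can be checked from a terminal, which is handy when chasing down the last few laptops. The script below is an added example and is not code from the original post, from Paubox or from Kandji. It assumes a Big Sur fleet, so it treats anything below macOS 11.6 as unpatched (a Catalina Mac would need a different baseline), and it uses the upper end of the 12-15 GB figure as the minimum free space. It drives Apple's own `softwareupdate` command-line tool, the same mechanism System Preferences uses.

```shell
#!/bin/sh
# forcedentry_check.sh (added example, not from the original post or Paubox).
# Reports whether this Mac carries the macOS 11.6 fix for ForcedEntry and, if
# not, checks the two causes of "Download failed" discussed above before
# offering the command-line update path.

PATCHED_MACOS="11.6"   # first Big Sur build with the fix (assumption: Big Sur fleet)
MIN_FREE_GB=15         # upper end of the 12-15 GB the post quotes

# version_ge A B: exit 0 when dotted version A >= B, comparing each field
# numerically so that 11.10 > 11.6 and 11.6.1 > 11.6 (a plain string
# comparison gets both of those wrong).
version_ge() {
    a="$1" b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        if [ "$a" = "$ai" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$bi" ]; then b=""; else b="${b#*.}"; fi
        ai="${ai:-0}"; bi="${bi:-0}"
        [ "$ai" -gt "$bi" ] && return 0
        [ "$ai" -lt "$bi" ] && return 1
    done
    return 0
}

# macos_needs_patch VERSION: exit 0 when VERSION is older than the patched baseline.
macos_needs_patch() {
    ! version_ge "$1" "$PATCHED_MACOS"
}

# enough_space FREE_GB: exit 0 when the root volume has room for the installer.
enough_space() {
    [ "$1" -ge "$MIN_FREE_GB" ]
}

# free_gb_root: whole gigabytes free on /, portable across BSD and GNU df.
free_gb_root() {
    df -k / | awk 'NR == 2 { printf "%d", $4 / 1024 / 1024 }'
}

# check_host [--install]: run the checks on this machine.
# Exit 0 = already patched, 1 = update still needed, 2 = not a Mac.
check_host() {
    if ! command -v sw_vers >/dev/null 2>&1; then
        echo "sw_vers not found: not macOS, nothing to check" >&2
        return 2
    fi
    ver=$(sw_vers -productVersion)
    if ! macos_needs_patch "$ver"; then
        echo "macOS $ver >= $PATCHED_MACOS: ForcedEntry fix is installed"
        return 0
    fi
    echo "macOS $ver < $PATCHED_MACOS: update required"
    free=$(free_gb_root)
    if ! enough_space "$free"; then
        echo "only ${free} GB free on /: free at least ${MIN_FREE_GB} GB, then retry"
        return 1
    fi
    # Listing also exercises the connection to Apple's update catalog, so a
    # failure here points at the network rather than the disk.
    softwareupdate --list || { echo "cannot reach the update catalog: check the network"; return 1; }
    if [ "${1:-}" = "--install" ]; then
        sudo softwareupdate --install --all --restart
    else
        echo "to apply from the terminal: sudo softwareupdate --install --all --restart"
    fi
    return 1
}

# Only act when invoked with a mode, e.g. `sh forcedentry_check.sh --check`.
case "${1:-}" in
    --check|--install) check_host "$1" ;;
esac
```

Run it with `--check` to report, or `--install` to apply the update and reboot. Two caveats: the exit code is what an MDM script or a fleet-wide `ssh` loop should key on, not the printed text, and on Apple silicon Macs macOS 11 prompts `softwareupdate` for an administrator (volume owner) password before it will install an OS update, so a fully unattended install needs that credential supplied rather than just `sudo`.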


Conclusion


Zero-day exploits against Apple software are reported less often than those against Windows, but they do occur. As with any vulnerability, mitigating the risk quickly is the top priority. Monitor cybersecurity news so you can respond promptly to exploits and hacks that could affect the security of your company and your customers' data.