HC3 Issues Sector Alert For Apple Zero-Day Device Vulnerability Update

The Department of Health and Human Services’ Cybersecurity Coordination Center (HC3) has issued a security alert notifying healthcare organizations of Apple’s security updates to safeguard against two zero-day vulnerabilities in the macOS Monterey, Safari, iOs, and iPadOS. The devices affected by the software vulnerabilities include all iPad Pro Models, iPad Air 2 and after, iPad 5th generation and after, all Macs operating with macOS Monterey, iPad mini 4 and later, the iPod Touch 7th generation, and finally iPhone 6s and later generations. 

A zero-day vulnerability is a flaw in hardware, software, or firmware that the individuals responsible for resolving issues on the device are unaware of. In essence, a zero-day vulnerability is one that has been identified but has not yet been fixed. Once it has been detected, a zero-day vulnerability turns into an n-day or one-day vulnerability. 

 In the sector alert released on August 18, 2022, HC3 explained how a hacker can exploit these vulnerabilities to gain control of a device. The first vulnerability mentioned in the alert, CVE-2022-32893, is an exploit in WebKit, which is a part of Apple’s browser engine and is located primarily in safari. Hackers can exploit this vulnerability through a malicious website to gain remote execution code. The second vulnerability, CVE-2022-32894, is found in the operating system’s Kernel. The arbitrary has the capability to execute arbitrary code with the highest privileges. An exploitation of this vulnerability can give a hacker full control of the device. 

The vulnerabilities in the devices’ software are cause for great concern in the healthcare sector. Apple devices have recently gained immense popularity within the healthcare sector as a result of its multipurpose platform capabilities. Healthcare providers can utilize the Apple devices to carry out a variety of tasks including secure internal communication, medicine administration, ultrasound imaging, mobile documentation of private patient information, and more. With access to iOS devices, cybercriminals can control these devices and gain access to sensitive personal information of patients. 

Users can easily protect themselves against these vulnerabilities by updating their devices to the most recent versions. Users of iPhones or iPads should select “settings,” “general,” and “software update” from the menu. For Mac users, simply navigate to “Apple Menu,” then “About this Mac,” and finally “software update,” for Mac users.