The Information Security Office advises Case Western Reserve University community members with devices running Apple iOS, iPadOS, and MacOS to update their devices immediately due to a critical security update released September 12. Devices that are managed by CWRU will update as scheduled with no user action required. Personally owned devices and unmanaged CWRU devices will require users to initiate the update process.
The update fixes critical vulnerabilities that allow malicious applications to elevate privileges and allow remote attackers to execute malicious code without the owner’s knowledge or consent. These vulnerabilities may have already been actively exploited according to Apple, and as long as a device has not been updated, that device is still at risk of being exploited.
Apple has fixed the vulnerability in the following operating system versions: macOS 12.6 (Monterey), macOS 11.7 (Big Sur), iOS 16, and iOS 15.7 and iPadOS 15.7. To check what version of iOS or MacOS you have installed, go from Settings to General to About to Software Version. Install the version update for your device by going from Settings to General to Software Update.
University Technology ([U]Tech) recommends users enable automatic updates on all personally owned devices.