Apple has issued a warning to its customer base, urging them to update their devices’ iOS to include a new patch that stops three recently discovered zero-day vulnerabilities. For most of us, that probably amounts to blocking someone from infiltrating our Facebook accounts, but the reality of the flaws has real-world consequences.
First, there’s this New York Times piece about the discovery of the flaws in the first place. The discovery was linked to none other than a prominent human rights activist, who received SMS messages that were trying exploit the flaws. Fortunately, he contacted two security groups, who found ties to a foreign hacker group in the code. The attempt was to exploit the vulnerabilities and ghost the activist’s iPhone.
“But I’m not a prominent figure…I’m a soccer mom.” Too many people tell themselves that, and the end result is devastating for the individual consumer. The important takeaway isn’t that hacking is in the realm of headline-making names. Anyone can be a victim, as different hackers have different purposes for your information.
Even in instances like the infamous Ashley Madison breach, the individual account holders weren’t the primary target, but they certainly were caught in the crossfire of a cyberfeud (and it was very easy for many people to think they got exactly what they deserved for owning accounts in the first place). Sometimes the connection in a hacking event is that there are bigger fish to fry, like the employee of a small, locally-owned air conditioning repair company who downloaded a virus to her company’s computers–all three of them, or something; unfortunately, that tiny company had a very big client: Target. The employee’s lack of security protocol led to one of the largest retail data breaches in history.
In cybersecurity, there is no such thing as “too small to matter.” Given the level of connections, the “six degrees of separation” that technology creates, any vulnerability is not only potentially valuable, but also frighteningly easy to exploit.
Users are urged to install the latest update, and to continue watching for alerts that any future updates have been issued.