macOS Ventura 13.3.1
Released:
April 7, 2023
Executive Summary:
Late last week, Apple released an incremental update for currently-supported macOS Ventura devices. In addition to some minor bug fixes, the updates include fixes for two security issues. Apple has learned that one or both may have been exploited in the wild. Because threat actors already have access to exploits targeting these vulnerabilities, there is an increased sense of urgency to protect potentially affected devices.
Andy's Analysis:
The two vulnerabilities fixed in this incremental update are critical. Between the two, the WebKit vulnerability is more concerning to me, particularly for High-Value Targets (HVTs) and Very Important Person(s) (VIPs). This type of WebKit code execution is the meat and potatoes of APT-level exploitation. Adversaries in this domain are looking for zero interaction, surreptitious code exectution attack chains. WebKit must act as a sort of shield between the user, the kernel, and the wild-west open internet. Additionally, all browsers in iOS run on WebKit. Apple policy requires this. WebKit vulnerabilities are quite valuable, as a result.From a technical standpoint, users who have automatic OS updates enabled will see this patch automatically pushed faster than a major or minor point update. Apple staggers the push of automatic updates based on the patch’s point update type (major, minor, incremental) and other on-device analytics. In short, as an example, a device should self-update from 16.4 to 16.4.1 much faster than it would from 16.3.2 to 16.4.
Wrap-up:
Keeping up with proper patching cadence is a mission-critical, never-ending task in our world. Unless there is a clear reason to avoid a specific update, security-conscious users and admins should be amongst the early patch adopters. This update is considered incremental, the lowest tier of patch importance. My advice would still be to prioritize patch deployment for any devices used by HVT/VIPs in your environment. Get the C-suite updated and then pivot to general/global deployment.Discussion:
- Have you seen any unusual issues post-update to v13.3.1?
- Does your org have a stock of outdated iOS/iPadOS devices still running iOS/iPadOS versions older than 15?
- Do you have any major hurdles in your environment related to Apple device updates?