Things are getting serious regarding Apple security. This shouldn’t really surprise you, given the normalization of chaos we’re enduring, as confusion always makes people more vulnerable. It’s easier to be hoodwinked into clicking that particular malware link when your head’s all over the place, you can’t think, and you don’t know whether you’ll still be in business tomorrow. That’s because threats don’t need to be aligned or even harmonized to work together. Insecurity in one space breeds less security elsewhere, and then the whole house of dominoes falls on the strength of a single malicious whisper. Just last week, Ric Derbyshire, principal cybersecurity researcher at Orange Cyberdefense, warned that the digital world is at risk.  Apple fixes two zero-days Then, as if on cue, Apple rushes out its iOS 18.4.1 security patch to fix a pair of zero-day attacks it thinks are being actively used. The patch has also been made available to Macs, iPads, and other Apple devices. More importantly – and in a sign of the severity with which the normally secure company views this attack — the update has also been made available to older devices, including macOS Sequoia, the iPhone XS, Apple TV HD, and other devices the company doesn’t usually patch. The fact that it has patched these devices should be seen as a red flag, upon which you’ll see written in VERY BIGLY WORDS: “Install these security patches today”. You should heed that advice immediately for your fleet of Apple devices. Apple rushed out a security bulletin to explain that the patches were released in response to an “extremely sophisticated attack” that took place against “specific targeted individuals.” These attacks exploited a flaw in CoreAudio that could be used to execute remote code on vulnerable devices. They also used a flaw in Apple’s Remote Participant Audio Control framework. This let hackers with read and write access bypass iOS security protections that help protect memory. These two flaws also let attackers figure a way into your devices so they could steal data and spy on what you do. These are just the latest zero-day attacks to have been identified and protected against on Apple’s platforms. But the growing frequency of these exploits should act as a visible barometric measure reflecting intense heat in the battle between white, black, and occasionally grey hat hackers. Vast resources are being piled into attempts to undermine digital security, and the highest value attacks aren’t aimed at the contents of Aunt Bessie’s bank account – state secrets, military plans, intelligence in various forms, all are now up for grabs.  A fragile peace The threat environment is now so febrile that many of the top brass in business already travel with single-use devices, as they recognize the inherent risk when visiting some nations. That big picture of risk is intensifying, as the UK, EU and other governments take steps that, bit by bit, further undermine notions of digital security. We’re in a race against the clock to protect what we’ve got, while waiting in the wings you can now see a future of attackers armed with quantum computers, ready to exploit every single vulnerability that exists and hasn’t yet been identified.  Given this is the true security environment, it’s laughable that the most popular passcode used in the world continues to be 123456 — it’s as if people really don’t want to understand that to protect other people you’ve got to protect yourself. Because if these exploits are being used against targeted, high-value individuals today, I’d bet my last dollar (if I still had a last dollar) they will be weaponized for use against ordinary Joes and Joelles tomorrow. There’s always going to be someone who doesn’t get the memo and doesn’t protect themselves – and if that is you, then rest assured, these attacks are coming for you. Update your Apple devices now. You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.