You’re probably not surprised America has a federal agency dedicated to cybersecurity. It’s called the Cybersecurity and Infrastructure Security Agency, or CISA for short.
CISA is relatively young. It was formed in 2007 as a component of the Department of Homeland Security (DHS), originally named the National Protection and Programs Directorate (NPPD).
The NPPD’s goal was to reduce and eliminate threats to critical U.S. physical and cyber infrastructure. In 2018, President Trump signed the Cybersecurity and Infrastructure Agency Act of 2018, establishing CISA as the successor to the NPPD. CISA’s current Director is Jen Easterly, former head of Morgan Stanley’s cyber defense operations. As you can imagine, the rest of CISA’s leadership is of a similar pedigree.
Along with CISA’s elevated status within DHS came additional responsibilities. CISA’s mission statement is straightforward: “We lead the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure.”
However, their work is wildly complex and influences national security, economic stability, and public safety. CISA’s key activities involve both industry and government stakeholders and include cybersecurity risk assessment and management, infrastructure resilience, emergency communications, election security, and public awareness and training.
When CISA issues “Cybersecurity Advisories” or “Alerts,” we should probably listen. Recently, CISA urged Apple administrators and users to “apply the necessary updates” for Safari 17.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, MacOS Monterey 12.7.4, watchOS 10.4, tvOS 17.4, and visionOS 1.1. The reasoning behind the release sounds ominous, and it is: “A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.”
As with most Apple updates, iOS 17.4 and its companion releases for the Apple Watch, iPad, Mac, Apple TV, and Vision Pro all include important security patches, and in this case two of those are known to have been exploited by hackers — and that was before Apple announced these vulnerabilities to the world by including them in its security release notes.
In addition to closing those already exploited holes, iOS 17.4 also addresses around nearly 40 other security issues, including the possibility of private browsing tabs being visible in Safari without authentication and malicious apps being able to observe user data in log entries related to accessibility notifications in macOS Sonoma and watchOS.
Then there’s Apple’s relatively new Stolen Device Protection feature. When enabled, your iPhone will require Face ID or Touch ID authentication before a thief can change any important security settings and enforce a one-hour delay for the most critical things like password changes. While this was added in iOS 17.3, Apple’s latest update lets you tighten things up further by adding some of these additional protections even when your iPhone is being used in a familiar location, such as your home. Note that this feature isn’t on by default; you need to enable it by going to Settings > Face ID & Passcode > Stolen Device Protection.
We’re generally proponents of always installing the latest OS updates here at iDrop News, even at the expense of possible side effects like battery life and storage availability. There are too many security vulnerabilities being exploited by cybercriminals to risk leaving your devices unprotected, and those risks increase dramatically as soon as Apple announces those security fixes in its release notes.
Regularly updating your Apple device is essential for maintaining its functionality, performance, and most importantly, security. Apple is constantly working behind the seasons to patch any vulnerabilities discovered since the latest OS version. According to both Apple and CISA, by not updating, you leave your device open to attacks that could potentially lead to unauthorized access, data theft (including private or financial information), and malware infections. Whenever in doubt, err on the side of updating your Apple device.