<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:117382251;
mso-list-template-ids:-557299728;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:879977933;
mso-list-type:hybrid;
mso-list-template-ids:1709857528 794186876 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2
{mso-list-id:1496217853;
mso-list-type:hybrid;
mso-list-template-ids:1152963076 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><a name="_Hlk122600425">Good morning,</a><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none"><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425">The SOC Services team is reporting on the vulnerability:
<b><i>MS-ISAC 2024-051 Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution</i></b>. Due to its high visibility, knowledge of the software installed in the state environment, and active exploitations, we are providing this in-depth
information:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u>History</u></b>: On May 13, 2024, Apple released updates to patch their iOS, iPadOS, and macOS operating systems addressing one vulnerability of note, which is an arbitrary code execution via
memory corruption bug which allows attackers with arbitrary kernel read and write capabilities to bypass kernel memory protections. The vulnerability impacts RealtimeKit (RTKit), the operating system component that’s responsible for executing and managing
processes with elevated timing requirements. Apple’s advisory also mentioned a fix for a bug that impacts the Foundation framework, which provides protocols and functions for developing software. CVE-2024-23296 was established as a CVE on March 5, 2024, and
last modified on March 18, 2024, assigning a CVSSv3 rating of 7.8 (High).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425">The following products are affected:<o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="mso-bookmark:_Hlk122600425">Versions of iOS prior to 17.5 (iPhone XS and later)<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="mso-bookmark:_Hlk122600425">Versions prior to iOS 16.7.8 (iPhone 8, iPhone 8 Plus, iPhone X)<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="mso-bookmark:_Hlk122600425">Versions of iPadOS prior to 17.5 (iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later)<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="mso-bookmark:_Hlk122600425">Versions of iPadOS prior to 16.7.8 (iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation)<o:p></o:p></span></li></ul>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:#666666;margin-top:2.4pt;margin-bottom:2.4pt;line-height:11.25pt;mso-list:l0 level1 lfo2">
<span style="mso-bookmark:_Hlk122600425"><span style="color:black;mso-ligatures:none">Versions prior to macOS Sonoma 14.5</span></span><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.5pt;mso-ligatures:none"><o:p></o:p></span></span></li><li class="MsoNormal" style="color:#666666;margin-top:2.4pt;margin-bottom:2.4pt;line-height:11.25pt;mso-list:l0 level1 lfo2">
<span style="mso-bookmark:_Hlk122600425"><span style="color:black;mso-ligatures:none">Versions prior to macOS Ventura 13.6.7</span></span><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.5pt;mso-ligatures:none"><o:p></o:p></span></span></li><li class="MsoNormal" style="color:#666666;margin-top:2.4pt;margin-bottom:2.4pt;line-height:11.25pt;mso-list:l0 level1 lfo2">
<span style="mso-bookmark:_Hlk122600425"><span style="color:black;mso-ligatures:none">Versions prior to macOS Monterey 12.7.5</span></span><span style="mso-bookmark:_Hlk122600425"><span style="font-size:11.5pt;mso-ligatures:none"><o:p></o:p></span></span></li></ul>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425">Patches are available from Apple to fix the vulnerabilities. The fixed versions are:<o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="mso-bookmark:_Hlk122600425">iOS 17.5<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="mso-bookmark:_Hlk122600425">iOS 16.7.6<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="mso-bookmark:_Hlk122600425">iPadOS 17.5<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="mso-bookmark:_Hlk122600425">iPadOS 16.7.6<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="mso-bookmark:_Hlk122600425">macOS Sonoma 14.5<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="mso-bookmark:_Hlk122600425">macOS Ventura 13.6.7<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="mso-bookmark:_Hlk122600425">macOS Monterey 12.7.5<o:p></o:p></span></li></ul>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425">Further information is available from Apple as published in their Security Release Articles:<o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="mso-bookmark:_Hlk122600425">Security Release Content of iOS 17.5 and iPadOS 17.5 –
</span><a href="https://support.apple.com/en-us/HT214101"><span style="mso-bookmark:_Hlk122600425">https://support.apple.com/en-us/HT214101</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="mso-bookmark:_Hlk122600425">Security Release Content of iOS 16.7.8 and iPadOS 16.7.8 –
</span><a href="https://support.apple.com/en-us/HT214100"><span style="mso-bookmark:_Hlk122600425">https://support.apple.com/en-us/HT214100</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="mso-bookmark:_Hlk122600425">Security Release Content of macOS Sonoma 14.5 -
</span><a href="https://support.apple.com/en-us/HT214106"><span style="mso-bookmark:_Hlk122600425">https://support.apple.com/en-us/HT214106</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="mso-bookmark:_Hlk122600425">Security Release Content of macOS Ventura 13.6.7 -
</span><a href="https://support.apple.com/en-us/HT214107"><span style="mso-bookmark:_Hlk122600425">https://support.apple.com/en-us/HT214107</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo1"><span style="mso-bookmark:_Hlk122600425">Security Release Content of macOS Monterey -
</span><a href="https://support.apple.com/en-us/HT214105"><span style="mso-bookmark:_Hlk122600425">https://support.apple.com/en-us/HT214105</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></li></ul>
<p class="MsoListParagraph"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoListParagraph"><span style="mso-bookmark:_Hlk122600425"><span style="background:yellow;mso-highlight:yellow"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u>Intelligence</u></b>: As of May 13, 2024, Apple is aware that CVE 2024-23296 have been exploited in the wild. It is very likely that each exploit will continue to be leveraged by threat actors
over the coming months.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u>Workarounds:</u></b> There are no workarounds at this time.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u><span style="background:yellow;mso-highlight:yellow"><o:p><span style="text-decoration:none"> </span></o:p></span></u></b></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u>How it works</u></b>: There is no public information about how the vulnerabilities are exploited at this time.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="background:yellow;mso-highlight:yellow"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u>Post-Exploit</u></b>: Apple has not released much detail about the exploits at this time, but has acknowledged that an attacker with arbitrary kernel read/write capability may be able to bypass
kernel memory protections.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425">No known indicators of compromise have been publicly shared at this time.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="background:yellow;mso-highlight:yellow"><o:p> </o:p></span></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-bookmark:_Hlk122600425">As of May 13, 2024, the following vulnerability plugins have been released and are currently in Tenable Security Center:<o:p></o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425"><b><u>Plugin<o:p></o:p></u></b></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="672" valign="top" style="width:7.0in;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425"><b><u>Title<o:p></o:p></u></b></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="120" valign="top" style="width:90.2pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425"><b><u>Severity<o:p></o:p></u></b></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
<tr style="height:18.35pt">
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt;height:18.35pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425"></span><a href="https://www.tenable.com/plugins/nessus/191557"><span style="mso-bookmark:_Hlk122600425">191557</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="672" valign="top" style="width:7.0in;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:18.35pt">
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b>Apple iOS < 16.7.6 Vulnerability (HT214082)<o:p></o:p></b></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:18.35pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425">High<o:p></o:p></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
<tr style="height:17.0pt">
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt;height:17.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425"></span><a href="https://www.tenable.com/plugins/nessus/191558"><span style="mso-bookmark:_Hlk122600425">191558</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="672" valign="top" style="width:7.0in;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:17.0pt">
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b>Apple iOS < 17.4 Multiple Vulnerabilities (HT214081)<o:p></o:p></b></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:17.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425">High<o:p></o:p></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
<tr style="height:17.0pt">
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt;height:17.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425"></span><a href="https://www.tenable.com/plugins/nessus/196911"><span style="mso-bookmark:_Hlk122600425">196911</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="672" valign="top" style="width:7.0in;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:17.0pt">
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b>Apple iOS < 16.7.8 Vulnerability (HT214100)<o:p></o:p></b></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:17.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425">High<o:p></o:p></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
<tr style="height:17.0pt">
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt;height:17.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425"></span><a href="https://www.tenable.com/plugins/nessus/196931"><span style="mso-bookmark:_Hlk122600425">196931</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="672" valign="top" style="width:7.0in;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:17.0pt">
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b>macOS 13.x < 13.6.7 Multiple Vulnerabilities (HT214107)<o:p></o:p></b></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:17.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425">High<o:p></o:p></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u>Additional Resources:</u></b> The InTune team has provide the attached documents, which can be tailored to your needs. They provide answers to frequently asked questions about iOS updates from
the perspective of both technicians and users, as well as the update process.<b><u><o:p></o:p></u></b></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u><o:p><span style="text-decoration:none"> </span></o:p></u></b></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u>Recommended Actions</u></b>:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"> <o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l2 level1 lfo3"><span style="mso-bookmark:_Hlk122600425">Verify host has not been compromised before applying patches.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l2 level1 lfo3"><span style="mso-bookmark:_Hlk122600425">Ensure mobile devices are charged to at least 50% and are plugged into a charger before applying the updates.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l2 level1 lfo3"><span style="mso-bookmark:_Hlk122600425">Apply appropriate updates provided by vendor to vulnerable systems immediately after appropriate testing.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l2 level1 lfo3"><span style="mso-bookmark:_Hlk122600425">Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.<o:p></o:p></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425">Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.<o:p></o:p></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425">Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l2 level1 lfo3"><span style="mso-bookmark:_Hlk122600425">Apply the Principle of Least Privilege to all systems and services.</span><o:p></o:p></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="702" style="width:526.5pt;border-collapse:collapse">
<tbody>
<tr style="height:63.0pt">
<td width="118" valign="top" style="width:88.35pt;padding:0in 4.65pt 0in 4.65pt;height:63.0pt">
<p class="MsoNormal" style="line-height:105%"><span style="color:#1F497D;mso-ligatures:none"><img border="0" width="121" height="87" style="width:1.2604in;height:.9062in" id="Picture_x0020_4" src="cid:image001.png@01DAA5D2.01F416E0"></span><span style="color:#1F497D;mso-ligatures:none"><o:p></o:p></span></p>
</td>
<td width="493" valign="top" style="width:369.65pt;padding:0in 4.65pt 0in 4.65pt;height:63.0pt">
<p class="MsoNormal" style="line-height:105%"><b><span style="mso-ligatures:none">Cyber Security Services<o:p></o:p></span></b></p>
<p class="MsoNormal" style="line-height:105%"><span style="mso-ligatures:none">State of Oregon Cyber Security Services<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:105%"><span style="mso-ligatures:none">Enterprise Information Services | SOC<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:105%"><span style="mso-ligatures:none">Cyber Security Services (CSS)<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:105%"><span style="mso-ligatures:none">SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378<span style="color:#1F497D"><o:p></o:p></span></span></p>
</td>
</tr>
<tr>
<td width="611" colspan="2" valign="top" style="width:458.05pt;padding:0in 4.65pt 0in 4.65pt">
<p class="MsoNormal" style="line-height:105%"><i><span style="color:#2E74B5;mso-ligatures:none">“Ensuring user-friendly, reliable and secure state technology systems that equitably serve Oregonians.”<o:p></o:p></span></i></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>