Apple security vulnerability: 'Immediately update' your devices, BlackCloak CEO says

BlackCloak CEO Chris Pierson joins Yahoo Finance Live to discuss Apple’s security vulnerabilities, why Apple users should update their devices, and the outlook for cyberattacks.

Video transcript

BRIAN SOZZI: All right, switching gears. Security experts are warning Apple users to update their devices. This comes after Apple released two security reports detailing vulnerabilities across iPhones, iPads, and Macs that hackers could exploit to get full admin access to your device.

BlackCloak's CEO Chris Pierson joining us now to discuss. Chris, alarming news here. What should iPhone users be doing?

CHRIS PIERSON: Yeah, this is really alarming news coming out of Apple. Two major fundamental flaws in their operating systems that are affecting almost all iPhones, tablets, and all their modern Monterey computers.

First thing that people should do is immediately update their devices, cell phones, tablets, computers. Go to the Settings. Go to the software. Go ahead and update it. Download it immediately today so that you can make sure that your device is not able to be compromised by any third party, whether it's going to a different website or being actively attacked.

JULIE HYMAN: So Chris, Apple is supposed to be best-in-class with this stuff. So what does it tell us that they had this vulnerability?

CHRIS PIERSON: So there have been a number of different vulnerabilities for Apple this year, seven so-called "zero days." These are massive, massive fundamental flaws that can be exploited. And in this case, it is being actively exploited as we speak.

I mean, Apple is among the best in terms of cybersecurity and making sure that its products are hardened. When flaws do happen, Apple always jumps on it very, very quickly. But because the Apple ecosystem is so tightly combined, once you have a flaw on one device it affects every device and it affects, you know, a lot of different operating systems that they have as well.

But usually, Apple is really, really top notch on this. The main message to everyone is this, is that if you have not updated your device, you are 100% vulnerable right now. So go immediately update it. Once you do so, as long as you keep on patching and keep on updating, you'll be fine. And Apple devices are definitely among the safest out there.

BRIAN SOZZI: When you say vulnerable, what does that mean, Chris? What could a hacker do to my phone?

CHRIS PIERSON: Yeah, so there are two different vulnerabilities that are patched. One is with something called the kernel. Think about the kernel as the heart and brains of every Apple device. That has a fundamental flaw in it that can allow any external attacker, usually gonna be used by nation state or intelligence agency, the ability to access your entire device-- every file, picture, turn on your camera, all the rest.

The second is a flaw in what's called WebKit. WebKit is really the brains behind the Safari web browser. So what this means is that if somebody were to go in and put malicious code on a website, and they were to be triggered using Safari, that your device could be-- if you were not patched-- could be compromised. And once again, the same flaws could happen. Your entire phone, tablet, or computer being vulnerable, being seen, be able to be controlled by a third party.

Really, really critical. Politicians, journalists, high profile individuals, corporate executives, stop and do this right now. Update all of those devices.

JULIE HYMAN: You mentioned corporate executives. And that's your clients, right? Your clients tend to be corporate executives and you do cybersecurity work for them. Are there any tips that you would share that-- sort of for regular folks, that usually only those kind of people have access to? If there's just one across the board piece of advice that you would give to, you know, everyday users of technology.

CHRIS PIERSON: I'll give you two. One for free. First, whatever device you have, whatever ecosystem you have-- Windows, Apple, doesn't matter-- make sure you're patching and updating your devices, period. Cell phone, tablet, computer. They come out with security flaws on them every week, every two weeks, every month. At least do it 12 times a year so that you can make sure your device is not vulnerable.

The second one is dual factor authentication. That means not relying on username and password only, and doing this for the big four, social media, healthcare, email accounts, and financial accounts. Making sure that they're always behind dual factor authentication.

Every single person, every consumer, everyone has access to those tools, can use them. That will make your accounts, put it at the 99% mark in terms of cannot hack or gain control of your accounts if you do that.

BRIAN SOZZI: So Chris, we're talking about Apple phones here, but if you own a Samsung device or Google device, should you be concerned?

CHRIS PIERSON: So in this specific case an instance, the answer is no. The current flaws are only going to be on Apple devices. So you don't have to worry about that. Generally speaking, in an overview of cybersecurity, you do have to update your Android devices, your Windows devices.

Windows puts out a patch Tuesday every single month. So there's always a monthly patch cycle for that. And a lot of people forget this, it's not just about the computer. It's about the browser and it's about the other apps.

So whether you're on Google Play store or Apple-- Apple's store, you need to go in and update the apps. And look, don't boil the ocean. Try doing this once a month so that all of those flaws are fundamentally fixed on that monthly basis. It will greatly, greatly decrease your attack surface.

BRIAN SOZZI: Or you just get rid of all your devices, Chris, and throw them in the garbage and just go completely rogue.

JULIE HYMAN: Go live on an island.

BRIAN SOZZI: Go live on an island, yeah.

[LAUGHTER]

BlackCloak CEO Chris Pierson, thanks for breaking this all down for us. We appreciate it.