Advertisement

Mobility News

Apple, Hackers And MSPs: 5 Questions With Addigy CEO Jason Dettbarn

Kyle Alspach

Dettbarn, whose company specializes in Apple device management software, speaks with CRN about the recent iMessage exploit, Apple’s product announcements this week and Addigy’s expanded efforts with managed services providers.

Should the iMessage vulnerability be a concern for more than just specific targeted individuals?

It’s “guaranteed” that there are wider implications beyond just the impact on certain individuals who’ve been identified as targets, Dettbarn said.

On Monday, Apple released patches for iPhone, iPad and macOS devices that address an iMessage vulnerability reportedly used by spyware maker NSO Group. The Citizen Lab at the University of Toronto reported discovering the zero-day, zero-click iMessage exploit—which the research group says was used by NSO Group to infect a Saudi activist’s iPhone with its Pegasus spyware.

In a statement provided to CRN on Monday, Ivan Krstić, head of security engineering and architecture at Apple, confirmed that the exploit affected iMessage. However, Krstić’s statement indicated that this type of attack is “not a threat to the overwhelming majority of our users.”

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Krstić said in the statement.

Dettbarn said he believes the exploit potentially has a broader impact, however.

“Nobody knows the full trajectory of these active exploits, because it’s never fully disclosed. And the proliferation of how to leverage the exploit goes out there very, very quickly,” Dettbarn said. It’s “absolutely not” just NSO Group that has likely made use of this iMessage vulnerability, he said.

“It’s always an ‘iceberg’ – what we see is just 10 percent of it. Anybody who thinks differently is just not wanting to look [deeper] into that,” Dettbarn said.

 
Kyle Alspach

Kyle Alspach is a Senior Editor at CRN focused on cybersecurity. His coverage spans news, analysis and deep dives on the cybersecurity industry, with a focus on fast-growing segments such as cloud security, application security and identity security.  He can be reached at kalspach@thechannelcompany.com.

Advertisement
Advertisement
Sponsored Post
Advertisement
Advertisement