The following was sent as an email to the Carleton Community on 22 Feb 2023.
A week ago, Apple released updates to address a set of serious vulnerabilities affecting most Apple devices. Yesterday security researchers released a report detailing how these vulnerabilities may be exploited. Successful exploitation could allow an attacker to gain access to sensitive information, install applications, or spy on users. This could happen merely by the user visiting a maliciously-crafted website. It does not require any other direct user action. This is essentially the worst kind of security vulnerability.
WHAT YOU NEED TO DO:
It is essential that everyone update ALL of their Apple devices whether institutional or personal. This includes all Apple computers, iPhones, and iPads. An update requires a reboot. Instructions for updating your devices may be found in this Knowledge Base article, which includes the advice that you do not need to upgrade to macOS 13 “Ventura” in order to address this vulnerability.
Please update your devices within the next week. While we know this request comes at a challenging time in the term, these vulnerabilities are serious. We need broad community support to avoid compromising important personal and college data.
HOW TO GET HELP:
If you have any questions or want support while performing these updates, you are welcome to call the ITS helpdesk at 507-222-5999. ITS staff members will be hosting drop-in sessions on Friday, 2/24 from 8am – 5pm. They will be offering a Zoom drop-in option and an in-person drop-in at the ITS Helpdesk on the main level of the CMC.
For other questions, comments, or concerns about this advisory, please contact our Information Security Officer, Kendall George, kgeorge@carleton.edu.
Kendall George, Information Security Officer
Janet Scannell, Chief Technology Officer