The IT Nerd

If you have an older iPhone or iPad that still runs iOS 18, Apple has just released a newer version of iOS and iPadOS 18.7.7. It’s meant to fix this vulnerability that is in the wild and should be considered a today problem. Your other option is to go to iOS 26 which is not affected by this vulnerability and protects you from other vulnerabilities as a bonus. But whatever you do, don’t delay and patch your iDevice ASAP.

That ends today’s public service announcement.

If you’re running an older version of iOS, you may want to update to the most recent version of iOS that your device supports ASAP. I say that because in a support document Apple is telling people to update to the latest version of iOS that is available for your device to protect yourself from exploit kits that are effective against older versions of iOS, like this exploit kit. This is the advice that Apple is offering:

If your iPhone has an older version of iOS, update to protect your data:

• Devices with the latest, updated versions of iOS 15 through iOS 26 are already protected. If you have not updated your software recently, update iOS on your iPhone.
• We released a software update for iOS 15 and iOS 16 on March 11, 2026, to extend protection to older devices that cannot update to the latest version of iOS.
• Devices with iOS 13 or iOS 14 must update to iOS 15 to receive these protections and will receive an additional alert to install a Critical Security Update in the next few days.
• Apple Safe Browsing in Safari is on by default and blocks the malicious URL domains identified in these attacks.

Note: Users who are unable to update their device can consider enabling Lockdown Mode (if available) to protect against malicious web content and other threats.

Apple normally doesn’t put out statements like this, so I would take this very seriously and take action ASAP. Because it is highly likely that the exploits that Apple is warning you about are widespread. Which makes them a today problem.

Apple has issued patches this week for an exploited zero-day that’s reported to have been in each version of iOS since v1.0. Which takes us back to the late 2000’s to the first iPhone in 2007.

Apple’s advisory notes: “An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.”

Mobile security expert Madhav Benoi, Head of Security Research, Approov had this to say: 

    “This attack is a powerful primitive that can be used to run arbitrary code. The good news is that it only affects iOS versions below 26.

“The immediate downside for a victim is complete device compromise. It makes sense that it was used for targeted individuals as for certain political/informational gain, this is a weapon that can be used to gain entryway into targets.

“Users and organizational security teams should patch Apple iPhones immediately, and if they’re  still using iOS 18 and haven’t moved to 26, please do As soon As possible. If they’re continuing to run an iOS version below 26, they just be careful with what apps they install. Keep an eye out if any apps are popping up random things and are asking for permissions that they don’t need. This could be an indicator of compromise.”

Damon Small, Board Member, Xcape, Inc. adds this:

    “Apple’s emergency patch for CVE-2026-20700 signifies a rare and concerning development, as the company explicitly warns of an “extremely sophisticated attack,” likely linked to nation-state espionage or commercial spyware. The significant drawback is that even highly controlled mobile ecosystems are vulnerable to advanced exploitation, and targeted individuals may have minimal indication that their devices have been compromised. Discovered by Google’s Threat Analysis Group, this zero-day vulnerability targets the Dynamic Link Editor (dyld), the essential “gatekeeper” responsible for how every application loads and is protected from each other on your device. By compromising this core component, attackers can completely bypass this iOS sandbox, enabling them to execute arbitrary code and silently install persistent surveillance tools.

   “The true concern lies in the frightening precision of the exploit chain, which was used in conjunction with previously patched WebKit vulnerabilities to target high-value individuals with “zero-click” efficiency. For any team managing a fleet of Apple devices, this is not a standard update; it’s a critical emergency that necessitates immediate patching to iOS 26.3 or iOS 18.7.5. Individual users need to be concerned as well and should also update immediately. 

    “Patch fast or get pwned! If your iPhones aren’t on the latest build, assume someone’s already working on the next 0-day.”

If you haven’t updated to iOS 26.3, I’d be doing so ASAP. While you’re at it, you should update the rest of your Apple gear as well as there are updates for watchOS, macOS and others that were released at the same time. While Apple exploits tend to be used against high value targets such as human rights campaigners, journalists, and politicians, that could change at any time. Thus it’s time to patch all the things in order to be safe.

Apple is expected to release their latest OS which is macOS Tahoe today. Before we go on, here’s a list of what macOS Tahoe will run on:

• iMac 2019 and later
• Mac Pro 2019 and later
• Mac Studio 2022 and later
• MacBook Air with Apple Silicon 2020 and later
• Mac mini 2020 and later
• MacBook Pro with Apple Silicon 2020 and later
• MacBook Pro (16‑inch, 2019)
• MacBook Pro (13‑inch, 2020, Four Thunderbolt 3 ports)

You should note that some features of Tahoe won’t work on Intel Macs. And on top of that, this is the last year that Intel Macs will be supported. So if you haven’t made the move to Apple Silicon, now would be a really good time to dump your Intel Mac.

Related to the above, here’s list of features that Tahoe includes.

If your Mac isn’t on this list, you’re out of luck. But assuming that it is, here’s some tips on what you might want to do before you pull that trigger and upgrade. And a couple reasons why you shouldn’t.

1. Don’t Upgrade… At least not yet. Part 1 : The reason why you shouldn’t upgrade is that Apple’s initial releases tend to be buggy. But they usually get better after they release an update or two. Though that wasn’t the case with Sequoia as they never fixed the Time Machine issues that this specific OS had. So you may want to wait until at least the .1 update hits the streets before making the jump. Or better yet, wait until the .2 release to be extra safe. 
2. Don’t Upgrade… At least not yet. Part 2: Your apps that you depend upon may not be ready for Tahoe. Thus out may be a better strategy to confirm whether they are ready or not. And if they’re not, wait for them to be compatible with Tahoe before you upgrade.
3. If you Must Upgrade, Make A Backup: Needless to say, making a backup of your current setup is vital before upgrading. That way you have a way to go back to where you were if things don’t work out. There’s plenty of backup solutions out there from Apple’s own Time Machine to third party utilities such as Carbon Copy Cloner that can be used for this purpose.
4. Upgrade Your Software BEFORE You Upgrade: Assuming your apps are going to be compatible with Tahoe, you should ensure that all your apps are up to date before you pull the trigger on upgrading. That will reduce the risk that something might go sideways during the upgrade.
5. Run Disk Utility BEFORE You Upgrade: The last thing I would do is boot of the Recovery Partition and run Disk Utility to verify the volume that you plan to install the upgrade on. It likely wouldn’t hurt to do a permission repair as well.

At this point you should be good to go. Key word being SHOULD. Upgrading an operating system isn’t a trivial process. But if you take these steps beforehand, you should reduce the risk of any issues. Or you can take my first couple of suggestions which is to wait for a bit before upgrading. Then follow the rest of my advice. In my case, I am not planning on upgrading to Tahoe. At least not yet given my experience with Sequoia. But I may upgrade in the future depending on what problems do or do not surface in the coming weeks.

iCloud Calendar Spam has been a thing for a while now. And lately it has resurfaced in a big way. Spammers have been sending calendar invitations containing links, most of them taking the form of cryptocurrency scams. And the big problem with this is that email filters and other security measures that are in place to stop scams from hitting your calendar or inbox are completely bypassed. Thus making it far more likely that there will be victims.

Bleeping Computer has a story on this: https://www.bleepingcomputer.com/news/security/icloud-calendar-abused-to-send-phishing-emails-from-apples-servers/

Javvad Malik, lead security awareness advocate at cybersecurity company KnowBe4, commented:

“There is an ongoing trend of phishing that rides on reputable services. These attacks, such as the one using iCloud Calendar pass SPF/DKIM/DMARC, and land in inboxes with borrowed legitimacy. People don’t scrutinize calendar links the way they do email links, so a meeting invite with a callback number lowers defenses and funnels victims into vishing or remote‑access scams.

“KnowBe4 Threat Labs has been tracking the same pattern (https://blog.knowbe4.com/phishing-deep-dive-eu-affiliated-survey-platform-exploited-in-sophisticated-credential-harvesting-campaign) of attackers launching campaigns through legitimate platforms AppSheet, Microsoft, Google, QuickBooks, even Telegram which bypass native and SEG controls.

“Don’t just hunt for misspellings and spoofed domains, look at the intent. Ask if this communication was expected, is it trying to spike emotion, and is there an artificial time limit pushing you to act now? If the answer is yes to any, stop and self‑verify via a known channel. And treat calendar invites with the same scepticism as email.”

Apple has a video that addresses this topic that you should look at if get hit by this. But Apple needs to figure out a way to stop this from being an issue in the first place. Maybe with this new wave of spam, they might put some effort and resource into finding a solution.

If you thought the Masimo/Apple fight over the blood oxygen feature in the app was over when Apple released a workaround last week, you were wrong. Masimo has apparently filed a new complaint in the US District Court for the District of Columbia. Here’s why and who’s getting sued:

This action challenges an unlawful August 2025 ruling by U.S. Customs and Border Protection (“CBP”) allowing Apple Inc. (“Apple”)—via an ex parte process—to bypass a Limited Exclusion Order (“LEO”) from the U.S. International Trade Commission (“ITC”) that prohibits the importation of Apple Watch products that infringe Masimo Corporation’s (“Plaintiff” or “Masimo”) patents.

And:

It has now come to light that CBP thereafter reversed itself without any meaningful justification, without any material change in circumstances, and without any notice to Masimo, let alone an opportunity for Masimo to be heard. CBP changed its position on Apple’s watch-plus-iPhone redesign through an ex parte proceeding. Specifically, on August 1, 2025, CBP issued an3 ex parte ruling permitting Apple to import devices that, when used with iPhones already in the United States, perform the same functionality that the ITC found to infringe Masimo’s patents. Masimo only discovered this ruling on Thursday, August 14, 2025, when Apple publicly announced it would be reintroducing the pulse oximetry functionality through a software update.

Masimo now wants a temporary restraining order and preliminary injunction to block the CBP’s decision, and they also want the original ruling reinstated. It will be interesting to see if any of that actually happens. But what is clear is that this fight is far from over.

Apple earlier today just released the following updates:

• macOS 15.6.1, 13.7.8, 14.7.8
• iOS 18.6.2, and iPadOS 18.6.2 along with iPadOS 17.7.10

Now the reason why you should update all the things ASAP can be found here on Apple’s security page. Below is the one from iOS 18.6.2:

ImageIO

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Description: An out-of-bounds write issue was addressed with improved bounds checking.

Now, chances are you’re not one of those individuals that are being targeted. But what tends to happen is that other threat actors will simply try to reverse engineer what Apple fixed in order to launch their own attacks on people who have not updated. Thus you might want to patch all the things ASAP as given the state of cybersecurity at the moment, you can never be too careful.