Now let us look at the CVEs associated with these vulnerabilities. In case you want to know how MDM can help you, refer to this:
- Arbitrary code execution (ACE)
  - CVE-2019-8593
  - CVE-2019-8585
  - CVE-2019-8605
  - CVE-2019-8613
- Access to restricted memory
  - CVE-2019-8598
  - CVE-2019-8605
- Unexpected system termination or read kernel memory
  - CVE-2019-8576
  - CVE-2019-8591
- Privacy-related
  - CVE-2019-8599: Anyone with physical access to the device can obtain the e-mail used for configuring iTunes.
  - CVE-2019-8620: A device may be tracked via its Wi-Fi MAC address.
How to fix these vulnerabilities?
Identifying devices running outdated OS versions
Firstly, you need to identify the devices running the vulnerable OS version. For example, if you want to identify all devices running iOS 11.2, follow the steps given below:
- On your MDM server, click on Inventory from the top menu.
- Go to the device list and verify that OS Version is available as one of the columns. If not, click on the table icon from the right menu and select OS Version from the list.
- Once done, click on the search icon and then, in the space provided below OS Version, type in 12.2 to get the devices running iOS 12.2.
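The steps above look up one OS version at a time. The following added example (not part of the MDM product or the original page) lists every iOS device below the fixed release 12.3 in one pass. It assumes the inventory has been exported as CSV; the column names `Device Name`, `Platform` and `OS Version` and all sample rows are constructed for illustration.

```python
import csv
import io

FIXED_VERSION = "12.3"  # release the page says devices should be running

# Constructed sample export; column names are assumptions, not a real MDM schema.
SAMPLE_EXPORT = """Device Name,Platform,OS Version
iPhone-Finance-01,iOS,12.2
iPad-Lobby,iOS,11.4.1
iPhone-Sales-07,iOS,12.3
iPhone-Exec-02,iOS,12.3.1
iPad-Old,iOS,9.3.5
Pixel-Test,Android,9
iPhone-Unknown,iOS,
"""


def parse_version(text):
    """Turn '12.3' into (12, 3, 0). Raises ValueError on blank or non-numeric input."""
    nums = tuple(int(part) for part in text.strip().split("."))
    # Pad to three components so '12.3' and '12.3.0' compare as equal.
    return nums + (0,) * (3 - len(nums))


def outdated_devices(export_text, fixed=FIXED_VERSION):
    """Return (needs_update, unparsed) for the iOS rows of an inventory export."""
    target = parse_version(fixed)
    needs_update, unparsed = [], []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["Platform"].strip().lower() != "ios":
            continue
        try:
            current = parse_version(row["OS Version"])
        except ValueError:
            # Missing or malformed version: review by hand, do not assume patched.
            unparsed.append(row["Device Name"])
            continue
        # Numeric tuple comparison; as plain strings '9.3.5' would sort above '12.3'.
        if current < target:
            needs_update.append((row["Device Name"], row["OS Version"]))
    return needs_update, unparsed


if __name__ == "__main__":
    stale, unknown = outdated_devices(SAMPLE_EXPORT)
    for name, version in stale:
        print(f"update required: {name} (iOS {version})")
    for name in unknown:
        print(f"version unknown: {name}")
```

Devices reported as "version unknown" should be checked manually before the update policy is distributed, since a blank OS Version says nothing about patch level.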
Updating the device OS
The next step is to ensure the devices are running iOS 12.3 by associating an OS update policy. To create an OS update policy, follow the steps given below:
- On the MDM server, click on Device Mgmt from the top menu and select Automate OS updates from the left menu.
- Click on Create Policy and select iOS from the dropdown. Provide a policy name.
- As the update needs to be on the device immediately, select the Immediately option for Deploy OS Updates and also select the checkbox that forces OS updates on the devices. You can learn more about scheduling and automating OS updates here.
- Once done, distribute the policy to the identified devices to ensure they get updated.