I'm currently working as an IT technician in the public sector, and I've come across some concerning information about an exploit called 'DarkSword' that affects iOS versions between 18.4 to 18.7. My team sets up and manages iOS devices through MDM but doesn't handle their ongoing maintenance. I've checked through Workspace ONE UEM for our area and found that we have over 1000 phones running versions down to iOS 14, which could be vulnerable to this exploit. These phones are used for sensitive applications such as email and team communications. When I raised my concerns about outdated devices and potential exploits, the response was dismissive, with assurances that it's 'fine.' I recently spoke with our cybersecurity manager about other issues, and he advised me to report any security vulnerabilities I notice. Should I go ahead and write a report about this vulnerability, or am I overreacting and should this be handled by others?
5 Answers
This is significant enough to warrant action. Apple is even backporting fixes for these issues because they know it’s a serious vulnerability. Don’t hesitate to report it—DarkSword is a real threat.
I think the actual risk here might be lower compared to issues like password reuse or phishing, but it’s still worth mentioning. Your security team needs to evaluate all risks, including this one.
Definitely send a report to your cybersecurity team. It's their job to assess such risks and decide what to do next, so they need to be aware of the vulnerability you're seeing.
For sure, send a detailed written report. You’ll want something documented, especially if they decide to ignore your concerns. It’s best to have it in writing, just in case you need to reference it later.
Give the cybersecurity team a heads up via email. If they choose not to act, that’s on them. Just keep a record of your communication for when someone inevitably tries to blame you after a breach.
Right? You'll likely get the usual 'it's fine' and then you'll have to remind them you've already informed them in writing if issues arise later.