The bug was out in the wild for about two weeks as of this writing, which is forever when it comes to security. Still, a patch is a patch, and it is good to see this one getting closed. There are other critical-severity patches out from Apple as well, including fixes for several Remote Code Execution (RCE) vulnerabilities found across all of Apple's operating systems.
These should be spooled up to be patched as soon as possible because they contain fixes for RCEs and, well, patching is important (patch often, patch early). What makes these patches even more critical is that one of them carries a note from Apple saying that Apple is "aware of a report that this issue may have been actively exploited." That is a calm way of saying you might already be owned, because threat actors already have a working exploit for this in play.
We have said it before, and it bears repeating: patching must be part of your security culture, and it requires buy-in from everyone. Yes, it can be a pain in the ass. However, if you make it part of the daily routine, it becomes just another thing you do at work, like getting your morning caffeine or checking your email. The updates run, they finish, you move on with your day. In the meantime, you are taking away attack vectors and making your organization harder to compromise.
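One way to make that daily routine concrete on a Mac is to check for pending Apple updates automatically and shout when something recommended is waiting. The script below is an added example, not code from the original post: it parses the output format of Apple's `softwareupdate -l` command, lists every update Apple marks `Recommended: YES`, and returns non-zero when any are pending so a scheduled job can alert. The sample output embedded in it is constructed to match the usual `softwareupdate -l` layout (the version strings are placeholders, not real releases), and the exact wording on a given macOS release may differ.

```shell
#!/bin/sh
# Added example (not from the original post): a small helper for the
# "patch early, patch often" routine on macOS. Reads `softwareupdate -l`
# style text, reports updates marked "Recommended: YES", and exits non-zero
# when any are pending so cron/launchd can alert on it.

# Constructed sample of `softwareupdate -l` output (placeholder versions).
SAMPLE_OUTPUT='Software Update Tool

Finding available software
Software Update found the following new or updated software:
* Label: macOS Example 99.0.1-EXAMPLE
	Title: macOS Example 99.0.1, Version: 99.0.1, Size: 1234567KiB, Recommended: YES, Action: restart,
* Label: Example Optional Tools-1.0
	Title: Example Optional Tools, Version: 1.0, Size: 700000KiB, Recommended: NO,
'

# list_recommended: print the Label of every update whose following Title
# line says "Recommended: YES". Reads softwareupdate -l style text on stdin.
list_recommended() {
    awk '
        /^\* Label: / { label = substr($0, 10) }              # "* Label: " is 9 chars
        /Recommended: YES/ && label != "" { print label; label = "" }
    '
}

# pending_count: number of recommended updates in the text on stdin.
pending_count() {
    list_recommended | wc -l | tr -d ' '
}

# check_updates: read softwareupdate -l style text on stdin and return 1
# when recommended updates are pending (so a scheduler can flag it), else 0.
check_updates() {
    n=$(pending_count)
    if [ "$n" -gt 0 ]; then
        echo "WARNING: $n recommended Apple update(s) pending"
        return 1
    fi
    echo "No recommended updates pending"
    return 0
}

# When run on macOS, query the real tool; elsewhere, demonstrate on the
# constructed sample (the `|| true` keeps the demo from aborting a shell
# session that has `set -e` on).
if [ "$(uname 2>/dev/null)" = "Darwin" ]; then
    softwareupdate -l 2>&1 | check_updates
else
    printf '%s\n' "$SAMPLE_OUTPUT" | check_updates || true
fi
```

Dropped into a nightly launchd or cron job, the non-zero exit from `check_updates` is the hook for whatever alerting you already have; installing is a separate, deliberate step (Apple's `softwareupdate -i -a` does that, and some updates need a restart), which is exactly the kind of thing that belongs in the daily routine rather than in a surprise.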
Happy patching.