Head's Up People

[minderasr]

Homeland Security Agency Urges iPhone, Windows Users to Update Soon

The Department of Homeland Security’s (DHS) cybersecurity agency this week advised users and administrators to update their Apple, Microsoft, and Adobe products after security vulnerabilities were detected.

https://www.theepochtimes.com/homeland-security-agency-urges-iphone-windows-users-to-update-soon_5190737.html

[Batesmotel]

Won’t let me view the article unless I give them my email. 

[pipedreams]

2 hours ago, Batesmotel said:

Won’t let me view the article unless I give them my email. 

Here you go..............how do we known we can trust DHS not to be loading us up with spyware.

 

The Department of Homeland Security’s (DHS) cybersecurity agency this week advised users and administrators to update their Apple, Microsoft, and Adobe products after security vulnerabilities were detected.

“Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device,” said the Cybersecurity Infrastructure & Security Agency in a statement on April 11, referring to a handful of security updates issued for iPhones, iPads, and other devices in the past week.

This week, Apple rolled out its security update to older Apple iPhones, iPads, Mac desktop computers, and Macbooks after it released iOS and iPadOS 16.4.1 and macOS Ventura 13.3.1 to fix two actively exploited security flaws. That update was extended to older devices, including those that use iOS and iPadOS 15.7.5, macOS Monterey 12.6.5, and macOS Big Sur 11.7.6 to patch the same security bugs.

That impacts all iPhone 6, iPhone 7, first-generation iPhone SE, iPad Air 2, fourth-generation iPad Mini, and seventh-generation iPod touch models that Apple sold in the mid-2010s, according to Apple’s support page. Last week’s update impacted all of Apple’s later phones and devices.

“If you have an older Mac, you need to ensure you have last week’s Safari update and this latest patch to go with it. If you have an older iPhone or iPad, you need to get today’s update, or else you remain vulnerable to both bugs, as used in the wild in the attack discovered by Amnesty and investigated by Google,” said security firm Sophos on its blog.

The research firm said that CVE-2023-28205 is a “hole in Webkit,” or the engine used by Apple’s Safari browser and other browsers, that can allow a hacker to “give cybercriminals control over your browser, or indeed any app that uses WebKit to render and display HTML content.”

“Apple’s own Safari browser uses WebKit, making it directly vulnerable to WebKit bugs,” the firm said. “Additionally, Apple’s App Store rules mean that all browsers on iPhones and iPads must use WebKit, making this sort of bug a truly cross-browser problem for mobile Apple devices.”

CVE-2023-28206, another flaw that is being tracked and was patched, involves a security hole in IOSurfaceAccelerator. The bug can allow an app to execute code with kernel privileges, meaning an attacker can target the core of the code in iOS if it isn’t patched.

To update an Apple device, users can manually update to the latest version on their iPhones or iPads by heading to Settings, General, and Software Update. Then, they should tap Download and Install, follow the prompts, and wait for the phone or device to restart.

On Mac laptops and desktop computers, users can open the Apple menu and choose System Settings before going to General and then clicking on Software Update.

Meanwhile, Microsoft this week also issued an update that targets around 100 security vulnerabilities in the Windows operating system, it said. CISA also urged users and administrators to update their devices. Microsoft’s series of updates includes a patch to CVE-2023-28252, which is a weakness in the Windows Common Log System File System driver that is under active attack.

“If it seems familiar, that’s because there was a similar 0-day patched in the same component just two months ago,” Dustin Childs at the Trend Micro Zero Day Initiative told Krebs on Security. “To me, that implies the original fix was insufficient and attackers have found a method to bypass that fix. As in February, there is no information about how widespread these attacks may be. This type of exploit is typically paired with a code execution bug to spread malware or ransomware.”

To update your Windows device or computer, select the Start menu, type “Windows Update,” and load the Windows Update item that is displayed. The user should then manually check for updates.

[Ramjet38]

Checked for software updates on my mac Catalina and showed none, or none for Safari.

[LostinTexas]

Trusting DHS is sketchy at best, HOWEVER,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

The all too popular fad of not updating any OS for months to years really leaves room for vulnerability. Security patches and updates are real. The only way to react to a new threat is to update, and they are all reactionary. Some sooner than others.  I don't care for having to rely on the Big Tech companies either, but unless you are a programmer with experience and knowledge of such things, it is all we have. Windoze just sent down a big security update. I thought it was the monthly normal stuff, could have been but seemed to have an extra download.

Is this a real deal? Who knows, but not keeping up is still a poor choice. Yes even if "You never had a problem". Chances are you are a lot more lucky than good.

Edit: Android seems to not be ready just yet, if it is threatened.

[jmohme]

The secret is to not keep important **** on your phone and don't connect it to your computer to have it link your smart Stupid phone to anything important on it.

Use your phone as a phone, not a suppository for all of your financial and personal information.

[Mrs.Cicero]

13 hours ago, jmohme said:

The secret is to not keep important **** on your phone and don't connect it to your computer to have it link your smart Stupid phone to anything important on it.

Use your phone as a phone, not a suppository for all of your financial and personal information.

"suppository".  

[Eric]

You know, punctuation is very important. Consider this phrase: 'Let's eat grandma', or 'Let's eat, grandma.' Those two situations have a very different ending.

[LostinTexas]

20 hours ago, jmohme said:

The secret is to not keep important **** on your phone and don't connect it to your computer to have it link your smart Stupid phone to anything important on it.

Use your phone as a phone, not a suppository for all of your financial and personal information.

 

6 hours ago, Mrs.Cicero said:

"suppository".  

I chuckled at the play on words, or typo. Either way it turned out funny and very correct.