Zoom Fixes Severe Security Vulnerability for Mac Users

There is no doubt that Zoom has become very popular in the business and academic sectors, as it is widely used for video conferencing and voice-over IP (VoIP).

Zoom issued a security bulletin at the beginning of October, informing users that an update was available for download in response to an identified security flaw. The flaw is tracked as CVE-2022-28762 and has been patched.

Specifically, this problem appears to affect the macOS Zoom client from versions 5.10.6 to 5.12.0. Users should make sure they have the latest version of Zoom installed on their computers. In the Zoom desktop client on a Mac, users can see the version number that is currently installed by clicking “zoom.us” in the menu bar.

It is possible for users to manually update the software by checking for updates in the “About Zoom” section of the software.

Vulnerability

A debugging port left open in the macOS Zoom client exposes it to attacks by a malicious local user.

Zoom rated the vulnerability 7.3 out of 10 on the CVSS (Common Vulnerability Scoring System), which indicates it is a severe issue.

Zoom recommends that all users update their software to the latest version as soon as possible to protect themselves from potential security vulnerabilities.

The safety and security of Zoom’s users are a top priority for the company. Although the CVE-2022-28762 vulnerability is severe, it can be fixed by updating Zoom to the most recent version. It is highly recommended that users check the version that they are currently using and update it accordingly.
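As an added example (not from Zoom or the original article), the shell script below classifies a macOS Zoom client version against the range given above. It assumes 5.12.0 is the first fixed release, the default install path `/Applications/zoom.us.app`, and a version string that may carry a build suffix; the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify a macOS Zoom client version against the range this
# article gives for CVE-2022-28762 (5.10.6 up to 5.12.0).
# Assumptions: 5.12.0 counts as fixed; default install path; the version
# string may carry a build suffix, e.g. "5.11.3 (9065)" (constructed sample).

# ver_cmp A B: print -1, 0 or 1 for dotted numeric versions A <, =, > B.
ver_cmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}          # a missing component counts as 0
        if [ "$x" -lt "$y" ]; then echo "-1"; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
    done
    echo 0
}

# zoom_status VERSION: print vulnerable, not-affected or unknown.
zoom_status() {
    v=${1%% *}                        # drop a trailing " (build)" suffix
    case $v in
        ''|*[!0-9.]*) echo unknown; return ;;
    esac
    if [ "$(ver_cmp "$v" 5.10.6)" -ge 0 ] && [ "$(ver_cmp "$v" 5.12.0)" -lt 0 ]
    then echo vulnerable
    else echo not-affected
    fi
}

# installed_zoom_version: read the version from the app bundle (macOS only).
installed_zoom_version() {
    plist=/Applications/zoom.us.app/Contents/Info.plist
    [ -f "$plist" ] || return 1
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist"
}

if v=$(installed_zoom_version); then
    echo "Zoom $v: $(zoom_status "$v")"
else
    echo "Zoom client not found at the default path"
fi
```

An `unknown` result means the version string could not be parsed and should be checked by hand in the client.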

DuckDuckGo for Mac Comes with New Privacy Features

DuckDuckGo announced on October 18, 2022, that the beta version of its Mac desktop app is now available for all Mac users. 

DuckDuckGo is a browser that focuses on privacy. It has many new features designed to make web browsing more private and less cluttered, improving the user experience. DuckDuckGo generates objective results without any subjective factors or “user preferences.”

The intent of DuckDuckGo for Mac is to replace “incognito” modes in other browsers that do not fully protect against web tracking. DuckDuckGo’s app for Mac uses roughly 60% less data than Chrome because trackers are blocked before they are loaded. In addition, the app has advanced privacy protection features pre-configured and activated by default to improve the user’s experience.

What’s New

Despite being in beta, DuckDuckGo for Mac has added several updated features since it was released in April 2022. The most significant change is that version 0.30 does not leave blank spaces in place of blocked ads, allowing users to browse without distractions.

Duck Player

Duck Player is one of the exciting highlights of this announcement. Duck Player provides a more private way to watch YouTube videos. This embedded YouTube player prevents the platform from building an advertising profile for users. Using Duck Player will reduce targeted ads and distractions. However, users can switch seamlessly between Duck Player and standard YouTube.

Password Management

There’s a secure password manager in DuckDuckGo’s browser. Like most password managers, DuckDuckGo’s password manager stores and fills in login credentials automatically. However, DuckDuckGo has partnered with Bitwarden, a password manager that’s open-source. Bitwarden users can look forward to activating a new password manager integration through the browser’s settings in the coming weeks. Additionally, DuckDuckGo for Mac now works with 1Password’s universal autofill.

Email protection

DuckDuckGo’s new version of the browser also offers email protection. Users who activate DuckDuckGo’s email protection will be able to protect their email inbox with email tracker blocking and private @duck.com addresses.

Cookie Pop-Up Manager

The Cookie Consent Pop-Up Manager manages cookie pop-ups much more effectively. The pop-up manager will automatically select the most private option to minimize cookies on various websites. The pop-up manager allows users to browse the internet without being interrupted by annoying pop-ups asking about cookie permissions.

Currently, DuckDuckGo for Windows is in its early beta with testing through family and friends. A private waitlist for the Windows DuckDuckGo app in beta is expected to be publicly released soon.

Overall, DuckDuckGo’s desktop app for Mac is an exciting new development that offers a more private and less cluttered web browsing experience. The app has several unique features that make it an appealing option for a more secure and private browsing experience. Although the application is still in its early stages of development, it has shown promise as a more privacy-conscious alternative to other web browsers.

 

Apple Products Released at Far Out Event

On September 7, 2022, Apple hosted its annual product release event at 1 p.m. Eastern Time (ET). Tim Cook, Apple’s CEO, took the stage at the Far Out event held at the company’s headquarters in Cupertino, California, to unveil a slew of brand-new and significantly enhanced devices. The iPhone 14 and several new smartwatches and AirPods are among the latest products.

The company released three new smartwatches to add to its expanding collection.

The new Apple Watch Series 8 was released at the event. Apple’s newest smartwatch has a redesigned watch face, a large display, and several safety features, including collision detection.

The standard model begins at $399, but enthusiasts may upgrade to the deluxe model for cellular data connectivity. The Apple Watch SE’s new design is identical to its predecessor’s. The only physical difference is that the base casing is composed of a nylon composite material, making it somewhat lighter. Beginning at $249, the SE is less expensive than previous models.

The Apple Watch Ultra has a case built from a titanium composition, making it more robust than other Apple Watch models. In addition, the display brightness of the smartwatch is 2000 nits, making it the brightest among all Apple watches. Along with sophisticated algorithms for reducing wind noise, the three built-in microphones considerably enhance the overall sound quality of the device. Another notable feature of the Apple Watch Ultra is the dual-frequency GPS, which provides more precise GPS data. The Apple Watch Ultra is priced at $799.

The H2 audio chip, swipe-based volume controls, improved noise cancellation, and extended battery life are just a few of the improvements included in Apple’s AirPods Pro 2. Despite the new features, Apple decided not to change the price from $249.

The most interesting new product unveiled by Apple is the iPhone 14, which will be available in four distinct models: iPhone 14, iPhone 14 Plus, iPhone 14 Pro, and iPhone 14 Pro Max.

Apple made several hardware and software improvements to the iPhone 14 and iPhone 14 Plus, including enhanced thermal performance, a new Photonic Engine to boost the camera performance, and satellite communication in the event of an emergency.

The “dynamic island” feature can only be found on the iPhone 14 Pro and iPhone 14 Pro Max. According to Apple, “the dynamic island enables new ways to interact with iPhone, featuring a design that blends the line between hardware and software, adapting in real-time to show important alerts, notifications, and activities.”

With the iPhone 14 Pro and iPhone 14 Pro Max, consumers will have access to updated features, including improved cameras, adaptive flash, enhanced safety features, and the new A16 chip to improve efficiency.

Customers may place orders for any of Apple’s newly released items; however, the iPhone 14 Plus is not scheduled to ship until October 7, 2022.

The “Far Out” event Apple hosted was undoubtedly exciting for those passionate about the company’s products. It will be intriguing to watch how Apple continues to develop innovative approaches to continue servicing its customers.

Apple To Settle Butterfly Keyboard Lawsuit

Do you have a MacBook with a Butterfly Keyboard?  If so, keep an eye out for an email regarding the Butterfly Keyboard class action lawsuit.

Recently, Apple has agreed to pay out $50 million to settle the suit that alleged that Apple knew about flaws with the butterfly keyboard’s switches it built into several MacBook models.

The keyboards were first introduced by the company back in 2015 and proved to be incredibly unreliable.  The least bit of dirt, dust, or grime could make it so that keys got stuck or stopped responding altogether.

For its part, Apple attempted several times to fix the issue, but each attempt failed because the company never addressed the core issue. Apple eventually retired the butterfly keyboard in 2020.

The judge still must give final approval to the proposed settlement agreement. The important bit for Apple users is that if you owned a computer with a butterfly keyboard and spent money trying to have it repaired, you may be contacted once the agreement is finalized and be eligible for compensation.

There’s one rather significant catch, however.  You’ll only be eligible for compensation if you live in California, New York, Florida, Illinois, New Jersey, Washington, or Michigan.  People who live in other states were not included in the class.

Compensation under the agreement is broken into three tiers. First are those who got at least two top case replacements, second are those who got one top case replacement, and third are those who got one or more keycap replacements.

People in the first tier will get the most, and people in the third tier will get the least. Total payouts are expected to range from $50 at the low end to as much as $395 at the top end.  That’s obviously not enough to replace your system if you happen to still be using it, but it’s a good start.

Microsoft Releases PoC Code For macOS App Sandbox Vulnerability

macOS features a powerful sandbox restriction that helps keep modern Apple computers safe by limiting how code can run on the system.

Unfortunately, no system is bulletproof. There’s a way that a determined attacker could bypass sandbox restrictions and execute arbitrary malicious code. Engineers at Microsoft discovered the vulnerability, as did independent security researcher Arsenii Kostromin, working separately.

Both groups responsibly disclosed their findings to Apple and the Microsoft team released the technical details along with a proof of concept that demonstrates how it works.

The vulnerability is being tracked as CVE-2022-26706, and the issue specifically relates to macros in Word documents opened on a machine running macOS. If that’s something you do on a regular basis, then it pays to be well versed in exactly how this vulnerability could be used against you.

Jonathan Bar Or is one of the researchers on the Microsoft 365 Defender Research Team.

Jonathan had this to say about the issue:

“Despite the security restrictions imposed by the App Sandbox’s rules on applications, it’s possible for attackers to bypass the said rules and let malicious codes ‘escape’ the sandbox and execute arbitrary commands on an affected device.”

The good news is that the issue was discovered in October 2021, and Apple released a fix for it in May of 2022 in the Big Sur 11.6.6 update.

Even if you’ve disabled auto updates and are leery about applying OS patches to your system, this one deserves a place on your list. It’s not an incredibly technical exploit, which means that almost any hacker could pull it off. The longer you leave your system unpatched, the more danger you’re in.

Kudos to the Microsoft team and to Arsenii Kostromin for discovering the issue and then promptly and responsibly reporting it, and to Apple for moving with some haste to release a patch.