Apple Users Will Want To Update As Soon As Possible

Do you own a device running macOS Monterey 12.5.1, or iOS/iPadOS 15.6.1? If so, you’ll want to download and install the latest patches as soon as possible. Apple recently released a small but critical security update aimed at fixing a pair of serious vulnerabilities that could allow an attacker to execute arbitrary code on an unpatched device.

The two issues addressed by this patch are tracked as CVE-2022-32894 and CVE-2022-32893. The former is a flaw that allows an attacker to gain kernel-level privileges and execute arbitrary code. The second is a WebKit flaw that allows poisoned web pages to run arbitrary code. If you’re not familiar with it, WebKit is the platform that Apple’s Mail app, Safari, and all of its iOS web browsers rest on. Don’t expect much in the way of details from the patch release notes. You won’t find any. The only thing the latest security update does is patch to close these two security flaws.

If you own an Apple watch, also be aware that watchOS 8.7.1 has also been recently released, though when it was released, it was done without accompanying patch notes so we’re not certain whether or not this release is related to the security flaws referenced above or not.

While Apple has already fixed the issues with Monterey, some older versions of MacOS have yet to be patched. It is not currently known whether these versions are vulnerable or not, so be sure to keep an eye out for new releases if you are running older versions of MacOS.

New Version Releases For iOS Devices

Apple has recently announced a new string of updates for their OS family including iOS, iPadOS 15.6, macOS 12.5, watchOS 8.7 and tvOS 15.6.

Bear in mind that the next version of all of these will be out in just a few months, so these updates are a bit light on features as compared to others we’ve seen from the tech giant.

Here’s a quick overview of what you’ll find in the operating systems in question:

  • For macOS, you’ll get an update to the TV app that allows you to pause, rewind, restart, and fast forward a live sports game. It also includes a bug fix for your Safari browser.
  • For iOS and iPad OS 15.6, you’ll get the same TV app upgrade described above and a handful of bug fixes for Settings, Safari, and Mail.
  • The watchOS 8.7 includes a raft of minor bug fixes and a couple of important security updates you won’t want to miss.
  • And the tvOS gets a slate of general performance and stability improvements.

All of this is in addition to the usual security updates that accompany updates like these. Of interest, Apple specifically did not specify which of the bug fixes they released were actively being exploited in the wild.

Note that if you have an Apple TV or an iWatch, those are almost certain to be set to automatically update.  If you’re using an iPad and your device doesn’t update automatically, just head to Settings, General, and Software Update to get the latest.

Finally, if you’re using a mac and it isn’t set up to get updates automatically, you can get the latest by heading to Apple Menu, System Preferences, and Software Update.

By the time you read this piece, all of the updates should be available for everyone, so install at your convenience.

Simple Tips For Securing Smart Device Data

Data security isn’t something that’s at the forefront of most people’s minds, but it probably should be.  These days, we use far more than just our trusty laptops and desktops to do real, meaningful work.  Most people have a plethora of devices they tap into on a regular basis and take with them wherever they go.

From smart phones to smart watches and more, the average person has no less than four different devices they can and often do use to get stuff done.

How safe are they?  Probably not as safe and secure as you’d like.

Here are some simple ways to fix that:

1 – Software Solutions

There are a number of these, but BitDefender is a solid choice.  The great thing about BitDefender is that you can hook up to fifteen different devices to it per household, and it comes with a suite of tools designed to help keep your smart devices safe.

2 – Develop Good Password Habits

Yes, it can be easy to use the same password across multiple devices and multiple web properties you use on a regular basis.

Resist the lure of easy.  Unfortunately, easy makes you a target.  Even though it’s more trouble, take the time to develop good and robust passwords. Use a different password on every device.

Here, password vaults can be your best friend because it helps automate the process and gives you less to remember.  It’s also worth employing two-factor authentication (2FA) everywhere it’s offered. Again, it adds an extra step to your logon process, but it’s time well spent for the added security it provides.

3 – Learn to Be a Savvy Email User

Don’t click on any links embedded in any email you receive, even if you think you know the sender.  The sender’s address could be spoofed.

Similarly, don’t open an email attachment unless you’ve verified that it’s legitimate and that someone you trust has sent it to you.  Phishing emails are among the most common way that hackers gain access to systems they target.  Don’t be their next victim!

These three things do take a bit of time to set up and get working but it’s time well spent, and it will make all the smart devices you rely on significantly more secure.  That’s a very good thing.

Update Google Chrome Soon To Fix Multiple Security Issues

Are you a Google Chrome user?  If so, be aware that the company recently released a stable version of Chrome 102 and is urging all users of its browser to update right away. The latest release contains a total of 32 security fixes on Windows, Mac and Linux.

Of the 32 flaws addressed, eight are high-severity, nine are medium, seven are low-severity and one is critical.  The critical flaw, tracked as CVE-2022-1853, is a “user after free in IndexedDB” which is an interface where data is stored in a user’s browser.

Details about the bug or how hackers could exploit it is limited. Pieter Arntz is a security researcher at Malwarebytes, and according to them, a hacker could exploit the flaw by creating a poisoned website that would take over the visitor’s browser by manipulating the IndexedDB.

None of the flaws addressed in Chrome 102 are “Zero Day” issues, meaning flaws that were exploited before Google released the patch to address the flaw.  Even so, many people are somewhat slow to update their browser, and if you are one of them, then you could be in for a world of headaches if a hacker sets their sights on your system.

You can get Chrome 102 for Windows, Mac, and Linux right now. In case you weren’t aware, normally Chrome is updated every four weeks but the extended release gains an additional four weeks by Google back-porting important security fixes to it.

Also be aware that an extended stable release is updated every eight weeks.  Grab yours today and kudos to Google for their tireless work!  Last year, Google’s Project Zero team counted a total of 58 Zero-Day exploits for popular software, with twenty-five of these impacting web browsers.

Be Aware That ChromeLoader Malware Is Picking Up Steam

A browser hijacker called “ChromeLoader” has had a large uptick in detections this month, which is raising eyebrows among security professionals.

ChromeLoader can modify a victim’s web browser settings to show search results that promote unwanted (and usually spammy) software, annoying pop-up ads, fake giveaways, adult games, dating sites, surveys, and the like.

As malware goes, there are far worse strains out there.  Rather than infect you with malicious code that locks all your files or installs other destructive forms of malware, this one will see you flooded with scammy or spammy offers. It will  frustrate you by forcing you to click through a sea of ads you’d rather not see, all in a bid to make a bit of coin for the malware’s owners.

It is noteworthy mostly because of its persistence and its aggressive use of Powershell, which it abuses like few other malware strains do.  Even worse, the owners of the malicious code have recently released a variant that specifically targets macOS users, so if you thought you were safe because you were using a Mac, think again.

While we wish that all malware strains were as relatively harmless as this one, that doesn’t mean it isn’t a threat or that you shouldn’t take it seriously.  While it’s not as destructive as most of the malware strains that make the headlines, it’s still a genuine concern that can cause you innumerable headaches.

If you start to see an unusual number of popup ads or if your computer has a scary preference for porn and gaming sites, odds are good that you’ve been infected. It may appear like your computer has a life of its own. If you see those things, the problem won’t go away on its own and you should get your machine to a tech as soon as possible.