Update Addresses Zero Day Exploit For Some Apple Devices

If you’re not familiar with the term, a Zero Day exploit is a security flaw that the software vendor is not aware of and hasn’t yet patched.

In many (but not all) cases, Zero Day Vulnerabilities will also have publicly available proof-of-concept exploits before a patch becomes available.  Quite often, these flaws are being actively exploited in the wild.

Apple has recently released a security update to address one of these types of flaws that impact Macs and Apple Watches.

In this case, the flaw in question is tracked as CVE-2022-22675. It is an out-of-bounds write issue that allows apps to execute arbitrary code.  That’s bad enough all by itself, but in this case, it allows an attacker to execute that code with kernel level privileges.

The flaw impacts all macOS Big Sur versions before 11.6 and tvOS devices before 15.5.

So far in 2022, Apple has released security patches addressing five different Zero Day exploits.

Here’s a quick summary of those:

  • CVE-2022-22587, which allowed attackers to track user IDs and web browsing activity in real time
  • CVE-2022-22594, which did the same thing as above
  • Then, CVE-2022-22620 was discovered and addressed, which is an exploit used to hack iPads, iPhones, and Macs. This exploit allowed remote code execution and can cause OS crashes
  • And in March 2022, two other exploits were addressed. The first, tracked as CVE-2022-22674, is a flaw impacting the Intel Graphics Driver and the second, tracked as CVE-2022-22675, impacted the AppleAVD media decoder.

These five join a long list of Zero-Day exploits the company patched in 2021 that targeted iOS, iPadOS, and macOS devices.

Kudos to the company for their fast action on the Zero-Day front, although the pace of discovery of these types of exploits is distressing to say the least.

In any case, if you own a Mac or an Apple device that uses tvOS, be sure you patch to the latest version right away to minimize your risk.

Say Goodbye To The Apple iPod

It is the end of an era.  Apple recently announced that they were discontinuing the legendary iPod, which is now in its 7th generation of production.

When first released more than fifteen years ago, the iPod was an instant smash hit that almost singlehandedly created the digital music industry, moving it from the shadowy frontier of P2P file sharing services to mainstream respectability.

That’s not bad for a device that costs just under two hundred bucks.

If you don’t yet have an iPod but you feel like you want one, the time to act is now before they’re gone.  Although the company has stopped manufacturing new iPods, you can still buy one while supplies last. In case you weren’t aware, the latest version of the iPod is more than just a simple music player – it’s also a surprisingly good digital camera and can even be used as a handheld gaming device.

The 7th generation iPod was released in May of 2019. It sports a fairly powerful A10 Fusion chip paired with a four-inch Retina display and boasts up to 256 GB of storage space.

Apple seldom provides details about why they’ve decided to cancel a given product and they’ve kept with that tradition here, but the reasons are easy enough to guess.  Apple was hit particularly hard by the supply chain issues the pandemic caused and given the increase in the capabilities of today’s smartphones, the iPod was increasingly relegated to niche product status.

Even so, it’s a good product and surprisingly versatile.  About the only thing you can’t do on it is make phone calls. If that sounds like something you’d be interested in owning, you still have a small window of opportunity to pick one up before they’re gone for good.

Farewell, iPod.  You were ahead of your time, and you will be missed.

Three Big Companies Working On Passwordless Login Options

Ask just about any IT security professional and they will tell you that weak user passwords are one of the biggest problems and most persistent threats to corporate networks.

Despite years of training, re-training, and near-constant reminders to strengthen passwords, users keep making the same mistakes.

They’ll re-use the same password across multiple properties. They may use an incredibly weak and easy to guess password that makes it easy for hackers to break in using simple brute force attacks against their accounts.

If passwords were to simply go away and be replaced by something better, legions of IT security folks would breathe a tremendous sigh of relief.

If Apple, Google, and Microsoft have anything to say about the matter, that is soon to be a reality.  All three companies are hard at work on a variety of passwordless schemes. If their plans remain on track, we’ll get to see the fruits of their labor sometime next year.

The three companies are currently working to implement passwordless FIDO sign-in standards across Android, Chrome, iOS, macOS, Safari, Windows, and Edge.  Taken together, those systems and software packages account for some 90 percent of network traffic today. It won’t be long now before the devices users employ will store a FIDO credential, dubbed a passkey, which is used to unlock your device and access all of your online accounts.

The passkey scheme is substantially more secure than a simple password because it’s protected with powerful cryptography and only shown to your online account when you unlock your device.  Contrast that with passwords, which leave users vulnerable to all manner of phishing schemes and are subject to being weakened by bad habits developed by the users themselves.

All of that is good news but it should be noted that we haven’t seen it in action yet. Even after the Big Three finish their work, there’s still the considerable task of implementing the use of the new passkeys into websites and other applications. It will be a while yet, but the good news is change is coming.

Apple Released Zero Day Hack Fix For Devices And Computers

If you’re an Apple user and you have an iPhone, a Mac, or both, you’ll want to grab the company’s most recent security update.

The latest release pushes out fixes for a pair of zero-day vulnerabilities that researchers have seen actively exploited in the wild.

The flaws in question are being tracked as CVE-2022-22674 and CVE-2022-22675 respectively. The former is an out-of-bounds write issue in an Intel Graphics driver and the latter is an out-of-bounds read issue in the AppleAVD media decoder that would allow an attacker to execute arbitrary code with kernel privileges.

Impacted devices include the iPhone 6S and newer, the iPad Pro (all models), the iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and the iPod Touch (7th generation).  Also note that users with Macs running macOS Monterey are at risk.

To make sure you’re protected, download and install the iOS 15.4.1, the iPadOS 15.4.1, or the macOS Monterey 12.3.1 update as appropriate for your device.

It’s still early in 2022 and so far, Apple has pushed out three zero-day patches this year resolving a total of five different zero-day issues.

In January 2022, the company’s first zero-day patch was pushed out resolving CVE-2022-22587 and CVE-2022-22594. Those allowed attackers to execute arbitrary code with kernel privileges and track web browsing activity in real time.

Then in February, Apple released another patch to address a new zero-day exploit that allowed attackers to hack iPhones, iPads, and Macs, leading to OS crashes and arbitrary code execution.

It appears 2022 is shaping up a lot like 2021.  Last year, Apple faced a seemingly endless stream of zero-day exploits and spent much of the year busily pushing fixes out the door.  Here’s hoping this year will be at least somewhat calmer on that front!

Upgrade Now To Fix iPhone Battery Issues

Do you have an iPhone?  If so, are you running iOS 15.4?  If you are, you may have noticed an unusual power drain on your battery that’s dramatically shortening the life per charge.  That’s the kiss of death for any handheld device and if you’re experiencing the issue, you’re not alone.

The good news is that Apple just issued a fix in the form of iOS 15.41.  Don’t let the relatively small size of the update fool you.

Though it weighs in at just over 313 MB, this is an update you won’t want to miss.  Not only does it fix the unexpected battery drain issue, but it’s packed with other cool fixes. They include a fix for braille devices that become unresponsive while navigating text or displaying certain alerts.  The latest update also fixes a problem with “Made for iPhones” hearing devices that would sometimes lose connection with third-party apps.

Granted, the other bug fixes are only applicable and important to a relatively small slice of the mammoth iPhone market, but for those users who were impacted, the effect was enormous. So this is a welcome patch indeed.

It’s also worth mentioning that not everyone who updated to 15.4 experienced the mysterious battery drain issue, so you may not have noted any real difference.  If you did, however, and it has been a source of frustration for you, the fix is here and ready to be downloaded at your earliest convenience.

Kudos to Apple for moving quickly on all three issues.  There’s a reason that Apple’s customers tend to behave more like fans, and the company’s prompt attention to issues like this is a big part of why.  No matter what business you’re in, take a lesson from the folks at Apple.  They’re obviously not perfect, but they get a lot right and they get it right consistently.  Bravo!