Apple security problem! Patch your systems urgently
Apple security problem! Patch your systems urgently
"Apple devices get urgent patch for zero-day exploit – update now!"
Or, in layman's terms
"Crooks have found a way to trick your browser into giving them access to private data they aren’t supposed to see, and as far as we know they are already abusing this bug to do bad things."
More details here.
Or, in layman's terms
"Crooks have found a way to trick your browser into giving them access to private data they aren’t supposed to see, and as far as we know they are already abusing this bug to do bad things."
More details here.
Former member of the Cult of the Polystyrene Head Carbuncle.
Re: Apple security problem! Patch your systems urgently
Thanks for the heads-up.
For everyday purposes and nonexperts... patch here means Software Update, and your devices should now be notifying you.
Jonathan
For everyday purposes and nonexperts... patch here means Software Update, and your devices should now be notifying you.
Jonathan
- Ride-sleep-repeat
- Posts: 382
- Joined: 24 Nov 2020, 11:58am
Re: Apple security problem! Patch your systems urgently
I always have mine set to auto update.
Re: Apple security problem! Patch your systems urgently
Auto update can sometimes take several days to pick up the update and install it.
An update such as this should really be installed as soon as possible.
An update such as this should really be installed as soon as possible.
Re: Apple security problem! Patch your systems urgently
Just checked my MacBookAir this very minute.
No updates available.
No updates available.
Mick F. Cornwall
Re: Apple security problem! Patch your systems urgently
Just checked my iPhone 6s.
It's updating to IOS 14.4.2
It's updating to IOS 14.4.2
Mick F. Cornwall
Re: Apple security problem! Patch your systems urgently
Mick F wrote:Just checked my MacBookAir this very minute.
No updates available.
It’s an iOS exploit that is being patched so not relevant to your MacBook.
Re: Apple security problem! Patch your systems urgently
Yes. I realise that, but I still checked.
What are the people trying to steal?
Private data?
Who has "private data" on a mobile phone?
What are the people trying to steal?
Private data?
Who has "private data" on a mobile phone?
Mick F. Cornwall
Re: Apple security problem! Patch your systems urgently
Mick F wrote:Yes. I realise that, but I still checked.
What are the people trying to steal?
Private data?
Who has "private data" on a mobile phone?
A phonebook/contacts data is "private data" surely?
Photos, voice messages etc etc
Take a browse through all the installed apps and see how much data they hang on to.
Then of course if you use it for interwebs there's probably tons of other stuff too.
The question probably need rephrasing as "who doesn't have private data on a mobile phone"...
(Yes, we all know who that person is. )
Re: Apple security problem! Patch your systems urgently
Mick F wrote:Yes. I realise that, but I still checked.
What are the people trying to steal?
Private data?
Who has "private data" on a mobile phone?
You have names numbers, text messages, call records - browsing history...
It's personally identifying as much as private in the traditional sense of that word.
For those who (quite reasonably) don't want to click on obscured links:
https://nakedsecurity.sophos.com/2021/0 ... pdate-now/
A shortcut has to be a challenge, otherwise it would just be the way. No situation is so dire that panic cannot make it worse.
There are two kinds of people in this world: those can extrapolate from incomplete data.
There are two kinds of people in this world: those can extrapolate from incomplete data.
Re: Apple security problem! Patch your systems urgently
[XAP]Bob wrote:Mick F wrote:Yes. I realise that, but I still checked.
What are the people trying to steal?
Private data?
Who has "private data" on a mobile phone? :shock:
You have names numbers, text messages, call records - browsing history...
It's personally identifying as much as private in the traditional sense of that word.
For those who (quite reasonably) don't want to click on obscured links:
https://nakedsecurity.sophos.com/2021/0 ... pdate-now/
And then people often sync their passwords (e.g. so they can log on to Amazon from their phone to track their package) which means website passwords ... Some people do online banking ...
For many mobile devices are replacements for desktops/laptops. When I travel/tour I only take iPad & iPhone (no laptop) and when away for quit a few months you do want to log on to web sites to update your blog, order a birthday present for somebody (and have it delivered to them), etc.
Ian
Re: Apple security problem! Patch your systems urgently
The Apple version, which will no doubt get expanded upon later...
https://support.apple.com/en-us/HT212256
It's "only" an XSS vulnerability, so it's a case of being able to read cookies (which will include data about usage of certain sites, usernames, and in some cases auth tokens, but should not include passwords (at least not for any reputably written site)).
More info on XSS - https://medium.com/@laur.telliskivi/pen ... 672e4738b2
I used only in quotes, because it's not a remote code execution bug, and it doesn't allow further escalation of privilege. It's serious enough to need a "single bug" patch, which has been released for all iOS devices dating back to 2013!
That's not a level of support you get with any other phone vendor or mobile os...
https://support.apple.com/en-us/HT212256
It's "only" an XSS vulnerability, so it's a case of being able to read cookies (which will include data about usage of certain sites, usernames, and in some cases auth tokens, but should not include passwords (at least not for any reputably written site)).
More info on XSS - https://medium.com/@laur.telliskivi/pen ... 672e4738b2
I used only in quotes, because it's not a remote code execution bug, and it doesn't allow further escalation of privilege. It's serious enough to need a "single bug" patch, which has been released for all iOS devices dating back to 2013!
That's not a level of support you get with any other phone vendor or mobile os...
A shortcut has to be a challenge, otherwise it would just be the way. No situation is so dire that panic cannot make it worse.
There are two kinds of people in this world: those can extrapolate from incomplete data.
There are two kinds of people in this world: those can extrapolate from incomplete data.
Re: Apple security problem! Patch your systems urgently
[XAP]Bob wrote:The Apple version, which will no doubt get expanded upon later...
https://support.apple.com/en-us/HT212256
It's "only" an XSS vulnerability, so it's a case of being able to read cookies (which will include data about usage of certain sites, usernames, and in some cases auth tokens, but should not include passwords (at least not for any reputably written site)).
More info on XSS - https://medium.com/@laur.telliskivi/pen ... 672e4738b2
...
That is interesting as over the last few months I've seen a massive increase in XSS "attacks" on my own web site. Mainly coming through domestic ISPs in India, though recently Korea (South) been doing more and "the usual players" from the US (China and Russia are geo-blocked from my site as they are just a continual hack nuisance).
Ian
Re: Apple security problem! Patch your systems urgently
kwackers wrote:The question probably need rephrasing as "who doesn't have private data on a mobile phone"...
Yes.
Jonathan
Re: Apple security problem! Patch your systems urgently
Contacts list?kwackers wrote:A phonebook/contacts data is "private data" surely?
Photos, voice messages etc etc
Take a browse through all the installed apps and see how much data they hang on to.
Then of course if you use it for interwebs there's probably tons of other stuff too.
The question probably need rephrasing as "who doesn't have private data on a mobile phone"...
(Yes, we all know who that person is. )
Names and telephone numbers. How do you know that the other people on the list keep it "private"? If you want to look at my contacts list, help yourself.
Photos?
Just about every one I've taken with my phone - and my digital camera - are on here for public viewing. Others are saved on external drives and wiped off my phone.
Rarely use my phone for the internet. Too small a screen to be of any use.
Never use email on it as I don't have an email account on the phone.
I have an old iPhone5c which knocks spots off my iPhone6s but it's no longer supported. I sometimes swap my sim over to use the 5c as it fits in a pocket far easier.
Mick F. Cornwall