Removed the ability to downgrade from iOS 18.3.1 to 18.3
Tuesday, February 18, 2025
Wednesday, February 12, 2025
Android February 2025 Security Update
Google has warned of 50 cyber security flaws fixed in the February 2025 Android security update.
https://source.android.com/docs/security/bulletin/2025-02-01
Google Pixel phones should show the update available.
Other manufacturers will offer the update later if the Android device is capable of the update.
Microsoft Windows Patch Tuesday February 11, 2025
Microsoft released patches/fixes for 63 vulnerabilities for the February 11 Patch Tuesday.
A total of 141 vulnerabilities, 4 critical, 2 currently being exploited.
This should indicate the potential for significant impact if exploited.
Monday, February 10, 2025
Apple Updates 10-Feb-2025
Updates to iOS 18.3.1, iPadOS 18.3.1, macOS 15.3.1, tvOS 18.3.1, watchOS 11.3.1, and others likely to follow.
Updates to iOS 17, macOS 14, and macOS 13 released as well.
This update addresses security vulnerabilities in USB restricted mode and other vulnerabilities. Apple does not provide much detail on the vulnerabilities addressed, which might indicate the severity of the vulnerabilities.
Tuesday, January 28, 2025
Apple Updates Apple Intelligence Apple Security Patches
Apple updated most of its software products January 27, 2025.
Updates: iOS 18.3, iPadOS 18.3, macOS 15.3, watchOS 11.3, tvOS 18.3, HomePod 18.3, visionOS 2.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, iPadOS 17.7.4
With this update Apple Intelligence is On by default for supported devices.
To disable Apple Intelligence on iOS 18.3, iPadOS 18.3, and macOS 15.3, go to Settings > Apple Intelligence & Siri, then toggle Apple Intelligence.
This update also addresses several security flaws, including a 0-day actively being exploited in the wild. Other security issues include five in AirPlay and 3 vulnerabilities in CoreAudio. The update covers a total of 29 vulnerabilities, including some in WebKit, the engine that underpins the Safari browser.
Tuesday, January 14, 2025
Tuesday, January 7, 2025
Flash Drive Capacity LIES
BE AWARE
Many cheap flash and SSD drives lie about their capacity.
These are not malicious lies; the semiconductor cells may simply not have passed all quality control.
This was covered in the January 6, 2025 Cyber Security presentation recording.
The slides concerning this issue:
Monday, January 6, 2025
Apple SECURITY updates available today January 6, 2025
Updates to iOS 18.2.1 and iPadOS 18.2.1
Friday, January 3, 2025
DoubleClickjacking is a sophisticated form of clickjacking that exploits a double-click sequence to bypass existing security measures. Here's a brief overview of how it works and why it's concerning:
How DoubleClickjacking Works
Initial Setup: The attacker creates a website with a button that opens a new window.
Prompting Double-Click: When the user clicks the button, a new window opens, prompting the user to double-click.
Manipulating Windows: During the double-click sequence, the attacker manipulates the timing and event sequence to replace or close the top-level browser window.
Unauthorized Actions: The second click unknowingly authorizes a malicious action, such as granting access to sensitive information or authorizing a transaction.
Why It's Dangerous
DoubleClickjacking is particularly dangerous because it can bypass modern web browsers' clickjacking protections by exploiting the brief interval between clicks. This makes it difficult to detect and prevent, leaving many online platforms vulnerable.
Real-World Impact
Account Takeovers: Attackers can take over user accounts by authorizing malicious applications.
Unauthorized Actions: Users may inadvertently change critical account settings or initiate financial transactions.
Platforms Affected: Major websites relying on OAuth for account authorization, such as Salesforce, Slack, and Shopify, are vulnerable to this attack.
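A client-side guard against the click timing described above, as an added example that is not part of the original post: a sensitive button ignores clicks that arrive right after its page is exposed or before any pointer or keyboard activity on that page. The function names, the `#authorize` selector and the 500 ms threshold are assumptions chosen for illustration.

```javascript
// Added example: guard for a sensitive button (e.g. an OAuth "Authorize" control).
// All names and the 500 ms default are illustrative assumptions.
function createClickGuard({ minDwellMs = 500, now = () => Date.now() } = {}) {
  let exposedAt = now();   // when this page last became the visible, focused window
  let gestureSeen = false; // pointer movement or key press seen since then

  return {
    // Call on focus / visibilitychange: the page has just been (re)exposed.
    exposed() { exposedAt = now(); gestureSeen = false; },
    // Call on mousemove / keydown inside this page.
    gesture() { gestureSeen = true; },
    // A click is honoured only after a gesture AND a minimum dwell time.
    allowClick() {
      const dwell = now() - exposedAt;
      return gestureSeen && dwell >= minDwellMs;
    },
  };
}

// Browser wiring for one sensitive button.
function protect(button, guard = createClickGuard()) {
  window.addEventListener('focus', () => guard.exposed());
  document.addEventListener('visibilitychange', () => {
    if (document.visibilityState === 'visible') guard.exposed();
  });
  for (const type of ['mousemove', 'keydown']) {
    document.addEventListener(type, () => guard.gesture(), { passive: true });
  }
  button.addEventListener('click', (event) => {
    if (!guard.allowClick()) {   // too soon after exposure, or no gesture yet
      event.preventDefault();
      event.stopImmediatePropagation();
    }
  }, true);                      // capture: runs before the application's handlers
  return guard;
}

// Skipped when no DOM is present (e.g. when run under Node).
if (typeof document !== 'undefined') {
  // '#authorize' is a hypothetical selector for the sensitive control.
  const button = document.querySelector('#authorize');
  if (button) protect(button);
}
```

Because the second click of a double-click arrives within a fraction of a second and with a stationary pointer, it fails both conditions; a user who deliberately moves to the button and clicks passes them.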