Another day another day From your nagging iPhone And Mac update is ready. From Chrome. And for Microsoft, it’s Patch Tuesday, so this is another round of installation on your plate. Although it may be tempting to kick these down on the road-Why not wait iOS 15 Within a few weeks?-You will want to continue to do this.
Yes, this is a standard recommendation; of course, you should keep your software as up-to-date as possible.You can even Turn on automatic updates for all content And skip manual maintenance. But if you haven’t, today is a particularly good day, because Apple, Google, and Microsoft have all launched security fixes for vulnerabilities actively exploited by hackers in the past two days.it is Zero day Repair the event, you don’t want to ignore your invitation.
Update your iPhone, Mac and Apple Watch
The biggest headline in this group is An exploit chain called ForcedEntryAccording to reports, the attack is related to the notorious spyware broker NSO Group. The attack was first exposed in August when the Citizen Lab at the University of Toronto revealed that it had discovered “Zero Click” Attack, It does not require the interaction of targets to control and is deployed against human rights activists.Amnesty International Established Similar forensic traces of NSO Group malware in July.
You may be wondering: If these attacks were reported a few weeks ago-and the attacks have been active since at least February-why are the fixes available now? At least to some extent, the answer seems to be that Apple has been dealing with incomplete information until September 7, when Citizen Lab discovered more details about the ForcedEntry vulnerability in the phone of Saudi Arabian militants. They determined that ForcedEntry not only targets Apple’s image rendering library, but also affects macOS and watchOS other than iOS. On September 13, Apple pushed fixes for these three.
“We would like to commend Citizen Lab for successfully completing the arduous work of obtaining samples of this vulnerability, so we can quickly develop this fix,” Ivan Krstić, Apple’s head of security and engineering, said in a statement. “Attacks like the one described are very complex, cost millions of dollars in development, usually have a short shelf life, and are used to target specific individuals. Although this means they will not pose a threat to the vast majority of our users, we will continue Protect all customers tirelessly and continue to add new protections to their devices and data.”
This is not just a spin; indeed, only a very small number of Apple customers face the risk of NSO Group malware landing on their phones. A basic rule of thumb: If an authoritarian government wants to read your text for any reason, you may be in danger. So, if it is you, you must patch it now, but also know that the next million-dollar vulnerabilities are always just around the corner.
Even if you are not a dissident, there is value in pushing for this update. Now that some details have been announced, less picky scammers may try to attack the same weakness. Again, it is good hygiene to keep your software as up-to-date as possible.
Fortunately, ensuring that your iOS, macOS and watchOS software are up to date is very simple.On your iPhone or iPad, go to Settings> General> Software Update. Tap Download and install Install iOS 14.8 on your device, then go ahead and switch automatic download and installation. Please note that unless your phone is charged and connected to Wi-Fi overnight, there will be no automatic updates.You can also update your Apple Watch from your iPhone; go to the Watch app and click My watch Tab, then General> Software Update. From the watch itself, tap Settings> General> Software Update. For macOS, go to the Apple menu and click System Preferences> Update Now.
Sorry, fans of Microsoft, you are also in trouble. A week ago, the company disclosed that a zero-day vulnerability in Windows is being actively exploited. The flaws in MSHTML (the rendering engine used by Internet Explorer and Microsoft Office) have been circulating among cybercriminals, rather than NGO Groups selling their vulnerabilities to nation-state participants.
The company stated in a security bulletin last week: “Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially crafted Microsoft Office documents.” If you open a tainted Office file, hackers can gain access. Allow them to execute commands on your computer remotely.Although Microsoft initially detailed some methods that can prevent successful attacks even without a patch, security researchers Figured it out soon How to beat these workarounds. Not only that, as the security news site Bleeping Computer Report This week, in the days leading up to the patch release, hackers have been actively sharing detailed information on how to exploit the vulnerability on the forum.