Tag: ‘actively
PSA: Make Sure to Update, iOS 16.5, iPadOS 16.5, and macOS 13.4 Address These Three Actively Exploited Vulnerabilities
According to Apple’s security support documents for iOS and macOS, the updates fix three WebKit vulnerabilities. Two of these issues were addressed in the prior iOS 16.4.1 and macOS 13.3.1 Rapid Security Response updates and are not an issue if you updated, but a third vulnerability is still active until you install the latest updates.
The WebKit security flaw could allow an attacker to break out of the Web Content sandbox, an issue that Apple fixed with improved bounds checks. Apple says that it is aware of a report that this issue may have been actively exploited.
The other two WebKit vulnerabilities were related to processing maliciously crafted web content that could allow for the disclosure of sensitive information or arbitrary code execution.
This article, “PSA: Make Sure to Update, iOS 16.5, iPadOS 16.5, and macOS 13.4 Address These Three Actively Exploited Vulnerabilities” first appeared on MacRumors.com
Discuss this article in our forums
Microsoft releases optional fix for actively exploited Secure Boot vulnerability
Microsoft’s latest Patch Tuesday updates are out for Windows 11 and Windows 10 with several fixes for two operating systems. In the case of Windows 11, the KB5026372 cumulative update introduces no less than 20 changes that improve the user experience as well as fixes for 38 security vulnerabilities and…
iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1 Fix Actively Exploited Vulnerabilities
According to Apple’s security support documents for iOS and macOS, the new software includes fixes for two separate vulnerabilities, both of which were known by Apple to have been actively exploited in the wild.
The IOSurfaceAccelerator vulnerability could allow an app to execute arbitrary code with kernel privileges. Apple addressed the out-of-bounds write issue with improved input validation. The WebKit vulnerability could allow maliciously crafted web content to execute code. Apple fixed this issue with improved memory management.
Google’s Threat Analysis Group and Amnesty International’s Security Lab are credited with finding and reporting both issues to Apple.
Apple has also released a new Safari 16.4.1 update for macOS Monterey and macOS Big Sur, which likely addresses the WebKit vulnerability.
This article, “iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1 Fix Actively Exploited Vulnerabilities” first appeared on MacRumors.com
Discuss this article in our forums
PSA: Make Sure to Update Older Devices to iOS 15.7.4 to Fix Actively Exploited Vulnerability
According to Apple’s release notes for the security update, it addresses a long list of vulnerabilities, including a WebKit vulnerability that was known to be actively exploited. From Apple’s security support document:
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Note that those running iOS 16 and iPadOS 16 do not need to worry about this exploit as it was previously fixed in iOS 16.3.1. The update also fixes other WebKit vulnerabilities that were not actively exploited, plus it fixes security issues with Calendar, Camera, Find My, and more.
iOS 15.7.4 and iPadOS 15.7.4 are available for all iPhone 6s models, all iPhone 7 models, the first-generation iPhone SE, the iPad Air 2, the fourth-generation iPad mini, and the seventh-generation iPod touch.
This article, “PSA: Make Sure to Update Older Devices to iOS 15.7.4 to Fix Actively Exploited Vulnerability” first appeared on MacRumors.com
Discuss this article in our forums
PSA: Make Sure to Update Soon, macOS Ventura 13.2.1 and iOS 16.3.1 Address Actively Exploited Vulnerability
According to Apple’s security notes for the updates, The software fixes a WebKit issue that could allow maliciously crafted web content to result in arbitrary code execution. Apple says that it is “aware of a report that this issue may have been actively exploited.”
The vulnerability was a type confusion issue that Apple says has been addressed with improved checks.
While there are no other notable fixes in macOS Ventura 13.2.1, the iOS 16.3.1 update adds a Siri Find My fix, addresses a problem with iCloud settings, and introduces additional Crash Detection optimizations for iPhone 14 models.
This article, “PSA: Make Sure to Update Soon, macOS Ventura 13.2.1 and iOS 16.3.1 Address Actively Exploited Vulnerability” first appeared on MacRumors.com
Discuss this article in our forums
Stack Overflow Survey Finds 74% of Developers are ‘Actively’ Looking or ‘Open to’ a New Job
Almost three-quarters (74%) of developers are actively looking for new roles or are open to fresh opportunities, according to research…. The highest percentage of active job seekers is in the 20-24 year-old cohort (27%), with 21% for 25-34 year-olds, 17% for 35-44 year-olds, and only 12% for 45-54 year-olds.
Additionally, the percentage of younger developers actively searching for their next role increased nine points year over year, according to the survey of 2,600 developers by StackOverflow….
Some 54% of respondents to the StackOverflow survey said a better salary is the largest motivator when considering a new opportunity. The biggest factors that stop developers from looking for new jobs are flexibility (58%), salary (54%), and learning opportunities (54%). Developers also want flexibility and the option to work from home, with 46% citing starting/ending the day at a precise time or being expected to work from an office (44%) as the top drawbacks in their current roles.
“Regardless of the economy, it’s clear salary is important but it’s not everything,” says StackOverflow CEO Prashanth Chandrasekar.
Read more of this story at Slashdot.
Apple Fixes ‘Actively Exploited’ Zero-Day Affecting Most iPhones
In a disclosure to its security updates page on Tuesday, Apple said the update fixed a flaw in WebKit, the browser engine that powers Safari and other apps, which if exploited could allow malicious code to run on the person’s device. The bug is called a zero-day because the vendor is given zero days notice to fix the vulnerability. Apple said security researchers at Google’s Threat Analysis Group, which investigates nation state-backed spyware, hacking and cyberattacks, discovered and reported the WebKit bug.
Apple said in its Tuesday disclosure that it is aware that the vulnerability was exploited “against versions of iOS released before iOS 15.1,” which was released in October 2021. As such, and for those who have not yet updated to iOS 16, Apple also released iOS and iPadOS 15.7.2 to fix the WebKit vulnerability for users running iPhones 6s and later and some iPad models. The bug is tracked as CVE-2022-42856, or WebKit 247562. It’s not clear for what reason Apple withheld details of the bug for two weeks.
Read more of this story at Slashdot.
29% of Brits Are Actively Looking For Another Job As They’re Not Being Paid Enough To Combat The Rising Cost of Living
The UK’s startup sector is navigating through a period of severe turbulence following a steep drop in valuations in H1 of 2022,…
The post 29% of Brits Are Actively Looking For Another Job As They’re Not Being Paid Enough To Combat The Rising Cost of Living appeared first on TechRound.