Another day, another day nag of your Iphone And Mac that the update is ready. It is chrome. And for Microsoft, it’s Tuesday, so here’s another round of installs on your board. It can be tempting to kick these things on the road –Why don’t you just wait iOS 15 In a few weeks? You’ll want to go ahead and get it done.
Yes, this is standard advice; Of course, you should keep your software as up-to-date as possible. You can even Turn on automatic updates for everything And skip manual maintenance. But if you haven’t, today is a particularly good day to be on top of it, because Apple, Google, and Microsoft have all pushed security fixes in the past couple of days for vulnerabilities that hackers are actively exploiting. that it zero day Patching is cool, and you don’t want to ignore your invitation.
Update iPhone, Mac, and Apple Watch
The biggest headlines in the group were The exploit chain known as ForcedEntry. Said to be linked to the popular spyware broker NSO Group, the attack first emerged in August, when Citizen Lab at the University of Toronto revealed it had found evidence of Zero-click attacks, which does not require any interaction from the target to take root, is being posted against human rights activists. AI have found Similar criminal effects to the NSO Group malware in July.
You might rightly ask: If these attacks were reported a few weeks ago – and the attack has been active since at least February – why is the fix only available now? The answer, at least in part, appears to be that Apple was working with incomplete information until September 7, when Citizen Lab discovered more details of a ForcedEntry exploit on an activist phone from Saudi Arabia. They confirmed not only that ForcedEntry targeted Apple’s photo viewing library, but they confirmed that it affected macOS and watchOS as well as iOS. On September 13, Apple pushed out fixes for all three.
“We would like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we can quickly develop this fix,” Apple Chief of Security and Engineering Ivan Krstic said in a statement. “Attacks like the ones described are extremely complex, cost millions of dollars to develop, often have a short lifespan, and are used to target specific individuals. While this means they do not pose a threat to the vast majority of our users, we continue to work tirelessly to defend all of our customers, We are constantly adding new protections for their devices and data.”
This is not just a spin. It is true that very few Apple customers are at risk of getting NSO Group malware on their phones. A basic rule of thumb: If there was any reason an authoritarian government might want to read your texts, you could be in danger. So, definitely get it right now if that’s you, but also know that your next million dollar tap is always right around the corner.
Even if you’re not an opponent, there’s value in pushing this update. Now that some details have been revealed, there is a possibility that less savvy scammers will try to attack the same vulnerability. And again, it’s a good idea to keep your software as clean as possible.
Fortunately, making sure your iOS, macOS, and watchOS software is up to date is pretty simple. On your iPhone or iPad, head to Settings > General > Software Update. handle Download and install To get iOS 14.8 on your device, and while you’re there, switch between automatic downloads and installs. Just note that automatic updates will not take place unless your phone is charged and connected to Wi-Fi overnight. You can also update your Apple Watch from your iPhone; Head to the Watch app, tap my watch tab, then General > Software Update. From the same watch, tap Settings > General > Software Update. For macOS, head over to the Apple menu, then tap System Preferences > Update Now.
Sorry Microsoft fans, you’re in trouble too. A week ago, the company revealed that it was actively exploiting a vulnerability in the Windows operating system. Instead of nation-state actors selling their exploits to the NGO group, the flaw in MSHTML – the rendering engine used by Internet Explorer and Microsoft Office – has spread among cybercriminals.
“Microsoft is aware of targeted attacks that attempt to exploit this vulnerability using specially designed Microsoft Office documents,” the company said in a security bulletin last week. If you open a contaminated Office file, the hacker may gain access that allows them to execute commands on your machine remotely. And while Microsoft initially detailed some ways you can prevent a successful attack even without a patch, according to security researchers. popped quickly How to overcome those solutions. Not only that, but the security news site Bleeping Computer mentioned This week, hackers actively shared details on forums on how to exploit the vulnerability days before a patch was available.