It’s a Good Day to Update All Your Devices. Trust Us

Another day, another nag from your iPhone and Mac that an update is ready. And from Chrome. And for Microsoft, it’s patch Tuesday, so that’s another round of installs on your plate. As tempting as it may be to kick these down the road—why not just wait for iOS 15 in a few weeks?—you’ll want to go ahead and get these done.

Yes, this is standard advice; you should keep your software as up to date as possible as a matter of course. You could even turn on auto-updates for everything and skip the manual maintenance. But if you haven’t, today is an especially good day to be on top of it, because Apple, Google, and Microsoft have all pushed security fixes in the past two days for vulnerabilities that hackers are actively exploiting. It’s a zero-day patching extravaganza, and you don’t want to ignore your invite.

Update Your iPhone, Mac, and Apple Watch

The biggest headline-grabber of the bunch has been the exploit chain known as ForcedEntry. Reportedly tied to the notorious spyware broker NSO Group, the attack first came to light in August, when the University of Toronto’s Citizen Lab revealed that it had found evidence of “zero click” attacks, which require no interaction from the target to take hold, being deployed against human rights activists. Amnesty International found similar forensic traces of NSO Group malware in July.

You might rightly wonder: If these attacks were reported a few weeks ago—and the attack has been active since at least February—why is a fix only available now? The answer, at least in part, appears to be that Apple was working with incomplete information until September 7, when Citizen Lab discovered more details of the ForcedEntry exploit on the phone of an activist from Saudi Arabia. They ascertained not only that ForcedEntry targeted Apple’s image-rendering library, but that it affected macOS and watchOS in addition to iOS. On September 13, Apple pushed fixes for all three.

“We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly,” said Apple head of security and engineering Ivan Krstić in a statement. “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”

That’s not just spin; it’s true that only a very small number of Apple customers are at risk of NSO Group malware landing on their phones. A basic rule of thumb: If there’s any reason an authoritarian government might want to read your texts, you might be at risk. So, definitely patch right now if that’s you, but also know that the next million-dollar exploit is always just around the corner.

Even if you’re not a dissident, there’s value in pushing this update through. Now that some of the details are out, there’s a chance that less discerning crooks might try to attack that same weakness. And again, it’s good hygiene to keep your software as up to date as possible.

Making sure your iOS, macOS, and watchOS software is up to date is fortunately pretty straightforward. On your iPhone or iPad, head to Settings > General > Software Update. Tap Download and Install to get iOS 14.8 on your device, and while you’re there go ahead and toggle on automatic downloads and installs. Just note that automated updates won’t go through unless your phone is charged and connected to Wi-Fi overnight. You can update the Apple Watch from your iPhone as well; head to the Watch app, tap the My Watch tab, then General > Software Update. From the watch itself, tap Settings > General > Software update. For macOS, head to the Apple menu, then click on System Preferences > Update Now

Update Windows

Sorry Microsoft fans, you’re on the hook as well. A week ago, the company disclosed that a zero-day vulnerability in Windows was being actively exploited. Rather than the nation-state actors that NGO Group sells its exploits to, the flaw in MSHTML—the rendering engine used by Internet Explorer and Microsoft Office—has been circulating among cybercriminals.

“Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,” the company said in a security bulletin last week. If you open a tainted Office file, a hacker could get access that lets them execute commands on your machine remotely. And while Microsoft at first detailed some ways you could prevent a successful attack even without a patch, security researchers quickly figured out how to beat those workarounds. Not only that, but as security news site Bleeping Computer reported this week, hackers have actively been sharing details on forums about how to exploit the vulnerability for days before the patch was available.

Source: It’s a Good Day to Update All Your Devices. Trust Us

*This is a free press release. Upgraded press releases are ad-free!

UK’s first fusion technology centre provides Yorkshire jobs boost

A ground-breaking new fusion technology facility, which has the capability to test components in the simulated conditions of a fusion power plant, is now open and operating in South Yorkshire.The Advanced Manufacturing Park in Rotherham was chosen by the UK Atomic Energy Authority (UKAEA) as the ideal location for the new 25,000 sq. ft. fusion…

Read Press Release

Funeral Service Held in Covina for Marine Killed in Afghanistan

A U.S. Marine Corps carry team transfers the remains of Marine Corps Lance Cpl. Dylan R. Merola of Rancho Cucamonga, California, Aug. 29, 2021 at Dover Air Force Base, Delaware. Merola was assigned to 2nd Battalion, 1st Marine Regiment, 1st Marine Division, I Marine Expeditionary Force, Camp Pendleton, California. (Jason Minto/U.S. Air Force via Getty…

Read Press Release

Consumers Find Influencer Role Increasingly Attractive

Axios, Sunday, September 26, 2021 4:39 PM Brands are throwing billions of dollars at online content creators, so the number of people looking to become influencers has exploded during the pandemic. “Takumi, a premier influencer marketing agency, received twice as many applications from people looking for representation in 2020 then it did in 2019,” per…

Read Press Release

Best Oculus Quest 2 accessories for 2021 – CNET

The powerful and affordable Oculus Quest 2 has brought virtual reality as close as it’s ever been to the mainstream. Facebook’s VR gaming system is cable-free, which is essential for having a great VR experience. While prices for it start at $300 for the 64GB version, it’s pretty bare-bones and doesn’t include anything beyond the VR…

Read Press Release

Clyde Edwards-Helaire Of The Kansas City Chiefs Remains Inconsistent

Kansas City Chiefs running back Clyde Edwards-Helaire is tackled by Los Angeles Chargers defensive … [+] back Nasir Adderley on Sunday, Sept. 26, 2021 in Kansas City, Mo. (AP Photo/Ed Zurga) ASSOCIATED PRESS The Kansas City Chiefs wanted to show their confidence in the scapegoat of the previous week’s contest. After fumbling the ball with 1:25…

Read Press Release

Why Canadian Conservatives Lost the Election

When they went soft on core principles, demoralized voters stayed home or voted for an upstart third party. NRPLUS MEMBER ARTICLE W hen Canadian prime minister Justin Trudeau called a snap election for this past Monday, the Conservative opposition had the chance to present a real contrast to his “woke” Liberal government. Instead, Conservative Party…

Read Press Release

It’s a Good Day to Update All Your Devices. Trust Us - Click To Share

Share on facebook
Share on twitter
Share on reddit
Share on linkedin
Share on email
Share on whatsapp