The main topic of the article is the importance of keeping devices updated with the latest security patches.
Key points:
1. Many devices stop receiving security updates, leaving them vulnerable to exploits.
2. Options for continuing to use unsupported devices include installing custom ROMs or being extremely cautious.
3. The best solution is to buy a new phone that is supported by regular security updates.
August has seen a flurry of patches released by technology giants like Microsoft, Google Chrome, and Firefox to fix serious vulnerabilities. These patches are crucial as some of the flaws are already being exploited in attacks. While there was no iPhone update from Apple, major fixes were released for enterprise software, including Ivanti, SAP, and Cisco. Microsoft's Patch Tuesday fixed numerous vulnerabilities, including ones being actively targeted. Google Chrome also issued updates, addressing high impact flaws in V8 and WebRTC. Firefox patched various vulnerabilities, some of which could lead to arbitrary code execution. Lastly, Google patched several critical vulnerabilities in its Android operating system, including RCE issues in System and Media Framework.
Two zero-day vulnerabilities, CVE-2023-41064 and CVE-2023-41061, were exploited by NSO Group's Pegasus spyware to infect fully-patched iPhones running iOS 16.6 via PassKit attachments containing malicious images, prompting Citizen Lab to urge Apple users to update their devices and activate Lockdown Mode.
Apple devices are vulnerable to a zero-click, zero-day vulnerability that allows the delivery of Pegasus spyware, even on the latest iOS version, with the exploit being referred to as BLASTPASS by researchers at Citizen Lab who collaborated with Apple on addressing the issue.
Apple has issued security updates to fix two zero-day exploits that could be used by attackers to steal cryptocurrency, prompting the CEO of Binance to urge users to update their devices immediately.
Apple has released iOS 16.6.1, an emergency update for iPhones, to fix two serious flaws that have been actively exploited by attackers to deliver spyware without user interaction.
Apple has urged iPhone users to update their operating systems due to a new security breach exploited by Israeli NSO's Pegasus spyware, causing concerns in Israel over potential backlash from the US.
Apple has issued emergency security updates to fix two zero-day vulnerabilities that allowed the Pegasus spyware to access iPhones, iPads, and Macs, enabling hackers to monitor and record calls and messages and access the camera and microphone.
Google has released emergency security updates for Chrome to address a zero-day vulnerability (CVE-2023-4863) that has been exploited in attacks, urging users to update their browsers to prevent further exploitation.
Summary: Microsoft's September 2023 Patch Tuesday includes security updates for 59 flaws, featuring two actively exploited zero-day vulnerabilities.
Apple will release a software update for iPhone 12 users in France to address radiation concerns raised by the country's regulators and bring the devices into compliance with European standards, but the regulators will test the update before lifting the marketing withdrawal order.
Samsung has released a new security patch for its Galaxy devices in September 2023, addressing critical and high-security vulnerabilities.
Apple is releasing operating system updates, including iOS 17, WatchOS 10, iPadOS 17, TVOS 17, and MacOS Sonoma, with new features and improvements for compatible devices.
Apple has released watchOS 10, which includes a revamped interface, new watch faces, updated apps, and features for cycling, hiking, and mental health tracking.
Apple has released urgent security updates to patch vulnerabilities actively exploited, including flaws in WebKit, certificate validation, and kernel access, which were part of an exploit chain used to plant the Pegasus and Predator spyware.
Apple has patched three zero-day vulnerabilities that were used in a sophisticated attack targeting the iPhone of an Egyptian presidential candidate, involving spyware developed by a commercial exploit seller and a compromised cellular network.
Users of Apple's iPhone, iPad, Apple Watch, and Mac are being warned to update their devices immediately due to active and sophisticated spyware attacks targeting high-profile individuals, with the security update addressing three critical vulnerabilities.
Apple has released a new security update for iPhones, iPads, and other devices to protect against three vulnerabilities, following a previous update released earlier this month.
Developers release a slew of day one updates to support Apple's latest platform features following the release of major OS updates like iOS 17, iPadOS 17, and watchOS 10, while Android developers are less incentivized to update on day one due to the slower adoption of Android updates and fewer new platform features to adopt.
Apple has released a software update to address concerns about the iPhone 12 exceeding legal radiation exposure limits in France, potentially avoiding a ban on the device.
Google has released an emergency patch for a zero-day vulnerability in Chrome that was exploited by a commercial spyware vendor, and the vulnerability has been linked to the zero-click iMessage exploit chain used to deploy the NSO Group's Pegasus spyware on compromised iPhones.
Apple has released the iOS 17.0.3 update for iPhone and iPadOS 17.0.3 update for iPads, addressing an overheating issue on iPhone 15 Pro and iPhone 15 Pro Max and a kernel vulnerability that could be exploited by attackers.
Samsung is rolling out its October security patch to address vulnerabilities in One UI, with a focus on backend fixes and addressing critical vulnerabilities and Android weaknesses, and the update is being released for various Galaxy devices including the Galaxy S series, Galaxy Z Fold/Flip series, and Galaxy A/M/F series.
Apple plans to release a software update for the iPhone 12 in France to comply with radiation testing requirements and address concerns raised by regulators about excessive radiation levels emitted by the device when in contact with static surfaces.
Cisco has disclosed two zero-day vulnerabilities (CVE-2023-20198 and CVE-2023-20273) that are being actively exploited by hackers to compromise and gain control over IOS XE devices, with over 40,000 devices already compromised, but the company has found a fix and plans to release it on October 22.