Apple zero days out – September 2023

Apple has fixes for zero days that have been under attack. It appears most are triggered by a specially crafted web content.

• CVE-2023-41991 – A certificate validation issue in the Security framework that could allow a malicious app to bypass signature validation.
• CVE-2023-41992 – A security flaw in Kernel that could allow a local attacker to elevate their privileges.
• CVE-2023-41993 – A WebKit flaw that could result in arbitrary code execution when processing specially crafted web content.

📱 iOS and iPadOS 17.0.1 – 3 bugs fixed
📱 iOS and iPadOS 16.7 – 3 bugs fixed
⌚ watchOS 9.6.3 – 2 bugs fixed
⌚ watchOS 10.0.1 – 2 bugs fixed
💻 macOS Ventura 13.6 – 3 bugs fixed
💻 macOS Monterey 12.7 – 1 bug fixed

Mind you iOS 17 *just* came out the other day.

These security vulnerabilities have been seen in attacks in the wild.

Apple 2030

APPLE NEWS

By Will Fastie

Mother Nature deems Apple’s ambitious clean-energy goals worthy, albeit surprising.

Oscar winner Octavia Spencer, in her starring role as Mother Nature in Apple’s fall event, stole the show. Apple goes Hollywood all the time in these events, but this was different.

In a nicely done surprise skit, Mother Nature has come to Apple to audit its progress on meeting its green goals, specifically carbon neutrality. This alone was funny because all companies seem to have stated goals, but it’s hard to know whether any are being achieved. Mother Nature was skeptical to the point of assuming Apple was just blowing smoke, so to speak.

Read the full story in our Plus Newsletter (20.38.0, 2023-09-18).
This story also appears in our public Newsletter.

Wi-Fi 7? Why not!

PUBLIC DEFENDER

By Brian Livingston

International standards bodies are just months away from finalizing a wireless networking improvement that’s being called Wi-Fi 7. When devices start supporting and using the new protocol, Wi-Fi 7 promises theoretical speeds far beyond what’s currently possible with Wi-Fi 6 (which was officially approved back in 2014).

But don’t go out and buy all new stuff just yet. Theory is one thing, and reality is another. You may never see noticeably faster speeds from any Wi-Fi 7 devices you may own in the future. What are the reasons for this? I’m glad you asked.

Read the full story in our Plus Newsletter (20.38.0, 2023-09-18).

Second city — the AI view from Washington

LEGAL BRIEF

By Max Stul Oppenheimer, Esq.

Multiple players are deciding their opening moves in reacting to the sudden entry of this technology into the public consciousness.

Not surprisingly, their approaches differ because their interests differ.

In my previous installment (2023-08-28), we saw how Microsoft is grappling with how to protect its interests — offensive and defensive — in a highly volatile and unpredictable future. In the short time since that article published, it appears that Microsoft may already be fine-tuning its approach.

Read the full story in our Plus Newsletter (20.38.0, 2023-09-18).

Zeroing in on zero days

PATCH WATCH

By Susan Bradley

September’s updates are out, with several zero days and several interesting vulnerabilities.

The good news is that for consumers and home users, many of these are unique to a business network and won’t be seen in a home network.

What will be seen this month is that the update installation and reboot process will take longer. I’m not sure what is triggering the slowness, but note that this month’s updates also include .NET updates. Patience.

Read the full story in our Plus Newsletter (20.38.0, 2023-09-18).

Got a Windows configuration update?

Did you receive a Windows configuration update that demanded a reboot?

I got it at the office where my patches are normally controlled and I’m not 100% sure what the “configuration” was updating.

I believe – but I’m not sure – it was a Moments release as the update history points to this page.

If so, it really was not a great experience. No notification, just an alert I needed to reboot and not a great deal of information about exactly what was installed. Furthermore in my LONG experience with Windows, machines do weird things if patches are installed and machines are not rebooted so I really don’t like to see machines with pending updates.

So did you receive this as well on your Windows 11 22H2? Let me know in the comments.  Needless to say I’ll be investigating as to why Microsoft handled this like this.

Master Patch List for September 12, 2023

I’ve updated the Master Patch list for the September updates.  Remember to always review the known issues we are tracking on the Master Patch List page. I will keep the latest info there.

The updates are taking longer than normal to install. Many are reporting this, but it doesn’t mean anything bad is happening to your machine.

Consumer tip:  If you are on Windows 11 and have any sort of third party menu or file explorer program, ensure that it’s up to date. If the start menu won’t launch be prepared to remove it. While I haven’t seen issues in my testing, it’s still too soon to be installing updates.

I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

• Windows 11 22H2: Recommended
• Windows 11 21H2: Will be recommended these get updated to 22H2 at the end of the month.
• Windows 10 22H2: Recommended
• Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

September patches, Apple headlines and Browsers!

Lots of headlines today. Today is the day they hold their event to announce new product releases. Rumor has it that iPhone 15 will be announced.

Next up is our usual release of security patches from Microsoft.  Remember today is the day that I start testing, and the rest of you hold back. We have adventurous souls on the site that also test and report back (and for that thank you!) .  In early review we have for Windows 11 in addition to security patches additional “enhancements” (annoyances?) such as “new hover behavior for the search box gleam, fixes an issue that impacts the search box size. It also “This update removes a blank menu item from the Sticky Keys menu. This issue occurs after you install KB5029351.”

Remember for businesses, you need to be aware of the full enforcement phase for updates that impact Kerberos protocol changes. Before you install updates this month ensure you have reviewed your Domain controller event logs looking for Event 43 with the text “The Key Distribution Center (KDC) encountered a ticket that it could not validate the
full PAC Signature. See https://go.microsoft.com/fwlink/?linkid=2210019 to learn more. Client : <realm>/<Name>” in the System law.

Finally and in my mind, more importantly as an action item that I DO want you to do, is to launch each browser you have on any device and review that it’s up to date. Chrome has a zero day out and just released a fix for it. Firefox is out with 117.0.1 today. So regardless if you patch your operating system – whether that’s Windows, Mac, or various flavors of Linux, DO launch your browser, to into the settings and then about to make it ‘kick’ a self update.  Make sure you do this on all browsers today.

Dustin Child’s zero day blog

As a reminder I’ll be watching for bugs and side effects and will call them out on the Master Patch List page.

How to upgrade your Windows 10 PC to Windows 11

WINDOWS 11

By Lance Whitney

Can you switch your computer from Windows 10 to Windows 11 without any major hiccups? Here’s how the upgrade played out for me.

I recently decided to move my Windows 10 Lenovo laptop to Windows 11. Lately, for both personal and professional reasons, I’ve been relying more on features that are exclusive to Windows 11 — including Phone Link support for the iPhone, the new Photos app, AI integration, support for Android apps, smarter voice dictation, and screen recording in the Snipping Tool.

Read the full story in our Plus Newsletter (20.37.0, 2023-09-11).
This story also appears in our public Newsletter.

Moving from Evernote to OneNote

ONENOTE

By Mary Branscombe

Microsoft no longer has a tool to help you move from Evernote to OneNote, but there are two utilities that can make it less painful.

When OneNote was first introduced back in the days of the original Tablet PC, it wasn’t the only app to help you keep track of your notes. Evernote — originally named for its approach of an endless scrolling piece of digital paper, like a toilet-paper roll or till receipt — launched around the same time.

In light of the recent layoffs of almost everyone who worked on Evernote after the company was bought by Bending Spoons, that name might now look a little ironic.

Read the full story in our Plus Newsletter (20.37.0, 2023-09-11).

Essential Office — Fewer bells, fewer whistles

FREEWARE SPOTLIGHT

By Deanna McElveen

My husband bought me a smart watch a few years ago. I use it the same way I used my old Timex — to tell me the time.

I work with a lot of customers who purchase expensive office suites, such as Microsoft Office, only to be overwhelmed by the features. I have just as many customers whom I have steered toward free office suites such as LibreOffice. But even these can be daunting if you just want to write a Christmas letter, keep track of your members’ lodge dues, or make a chart of duties for volunteers at a town festival.

Read the full story in our Plus Newsletter (20.37.0, 2023-09-11).

The death of a hard drive

ON SECURITY

By Susan Bradley

I got a call. “Susan? Can you help me with my laptop? It won’t boot up, and it’s making a weird noise.”

“Sure,” I said to the friend on the other end of the phone call.

But when my friend brought the laptop and I turned it on, I went from feeling certain I would tame the tech (after all, it’s me) to knowing it wasn’t looking good and that I might not be able to help after all.

Read the full story in our Plus Newsletter (20.37.0, 2023-09-11).