Newsletter Archives

  • Master Patch List of May 16, 2022 – Apple zero days fixed

    I’m releasing an update to the Master Patch list – not to give the go ahead for any Windows patches, rather to announce that Apple has released several updates that include fixes for zero days.

    While the release includes new features for Apple Cash and the Podcast app, amongst others, iOS 15.5 includes 30 security fixes and macOS 12.4 includes 50 fixes.

    Overall tally:

    macOS Monterey 12.4 – 73 bugs fixed
    macOS Big Sur 11.6.6 – 52 bugs fixed
    Security Update 2022-004 Catalina – 37 bugs fixed
    iOS and iPadOS 15.5 – 34 bugs fixed
    watchOS 8.6 – 21 bugs fixed

    1 zero-day in macOS Big Sur 11.6.6
    1 zero-day in watchOS 8.6

    One zero day involves “A remote attacker may be able to cause unexpected application termination or arbitrary code execution.”

    I’ll dig around to see if I can find information on HOW the attacks occur as not all risks are created the same.  Note I recommend that you wait for Apple’s ‘dribble’ patching while they get their telemetry from early updaters.

     

  • New Apple forums

    We’ve once again expanded the Apple forums with some more categories. Since Apple is making big changes in hardware we’ve added a specific venue for hardware. If you are confused about what can – and can’t – be done with the new M1 hardware, this is the place to ask questions.

    Also, just like the Windows forum, we’ve now separated the macOS by versions (noting which ones are and are not supported).

    Remember to post a new topic, find the category and look for the button for new topic.

    This button shows up when you are in a sub forum.

    As always you can look in the upper right side where we have shortcuts for the major categories!  Let me know what you think!

     

  • Hey small business! There may be an Apple in your future

    Apple announced that Apple Business Essentials is now available. As they state in the post:

    The complete solution begins with simple employee onboarding, allowing a small business to easily configure, deploy, and manage Apple products from anywhere. With the Collections feature, groups of apps can be delivered to employees or teams, and settings can be automatically pushed to devices, such as VPN configurations, Wi-Fi passwords, and more.

    I thought it was interesting…

    Managed Apple IDs can be created by federating with Microsoft Azure Active Directory and, coming later this spring, with Google Workspace identity services, allowing employees to log in to their device with a single business username and password.

    As we move to where the browser is more and more where our key applications are (as in they are hosted on a cloud) this may be the wave of the future. Also keep in mind that if you still do need a Windows machine there are hosted/virtual machines either offered by private firms, or by Microsoft themselves.

  • Apple pushes updates for 2 new zero days

    watchOS 8.5.1 (This update has no published CVE entries.) | Apple Watch Series 3 and later | 31 Mar 2022
    macOS Monterey 12.3.1 | macOS Monterey | 31 Mar 2022
    iOS 15.4.1 and iPadOS 15.4.1 | iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) | 31 Mar 2022
    tvOS 15.4.1 (This update has no published CVE entries.) | Apple TV 4K and Apple TV HD | 31 Mar 2022

     

    – CVE-2022-22675 in AppleAVD

    – CVE-2022-22674 in Intel Graphics Driver

    2 zero-days in macOS Monterey 12.3.1

    1 zero-day in iOS and iPadOS 15.4.1

    Apparently actively exploited, used to hack iPhones, iPads and Macs.  It’s unclear whether it’s merely targeted attacks or more widespread. AppleAVD is a media decoder file so watch (pun intended) what you are watching on your devices until they are patched.

  • Seeing battery drain issues on your iPhone?

    The Apple Twitter account is seeing an uptick of folks complaining (**) about the battery drain issue after the latest update to 15.4.

    My Dad and a co-worker are seeing the issue.

    • Try rebooting.
    • Try letting it sit overnight.
    • Try backing it up and totally restoring it (ugh)(*)

    (*)Or wait until enough of us complain and they send out another update to fix the issue.  You may want to click on settings, general, software updates and if you do NOT have iOS 15.4 turn off auto updates until we see what is going on.

    (**) Seeing it specifically being reported on the newest iPhone models. I’m also seeing reports that it makes the phones run “hot”.

  • Microsoft hacked? What’s OKTA?

    The security buzz today is all about two related events. First off the reports are that source code from Microsoft’s Bing Search engine, Bing Maps and Cortana virtual assistance was obtained and dumped out for all to see.

    First off I typically don’t panic on these “source code” leaks. It doesn’t mean that Bing is now insecure. Rather it just means that like open source software more people can look at it and POTENTIALLY find vulnerabilities.  Doesn’t mean they WILL, just that it’s been exposed to more eyeballs. What is more interesting (concerning?) to me is HOW this group was able to gain access.  I’m more interested in the how of an attack than the what.  “Microsoft is investigating”.  Yeah.  I bet they are.  I feel sorry for the investigation team that now has to comb through log files.

    Next, this same group, called Lapsus$ and out of Brazil, was able to obtain access to a support personnel for the OKTA single sign-on authentication software for enterprises, which is the bigger “oh dear” of the day. Lapsus$ is also the group that has stolen source code from Nvidia, Samsung and Ubisoft, among others.  OKTA’s CEO is saying that this event is related to an event in January where an engineer got “popped” and compromised.

    So… while the timing may make you think this is related to yesterday’s White House announcement regarding possible Russian cyber attacks, it doesn’t appear to be a direct cause and effect.

    But that said, in light of yesterday’s statement what should you and I do?

    Well if you weren’t doing this stuff before, it may be already too late… but here’s my list:

    1. BACKUP.  Oh, you aren’t doing this now?  You should have been doing this for YEARS already and be expert at this.
    2. Password review and multi factor where you can.  I don’t want you to run out and immediately change all of your passwords because that would most likely cause you to choose really bad ones as a result. Don’t just change passwords for change’s sake. But certainly look at those services and sites that are your high risk ones like banking and financial. Is THAT password unique? Passphrase? For banks (that are always the slowest to upgrade to new authentication) can you at least ensure some sort of two factor mechanism? Stop reusing passwords and get a password storing solution (either a paper journal and write them down or a solution like LastPass, KeePass, etc).
    3. Ensure that March updates are installed at this time (Windows, Apple, Chromebook); all should be deployed now.
    4. Review if your router was patched in this century (just kidding, but kinda seriously). If you can’t remember the last time your router got a firmware update it may be time to consider a new router?

    As always if you have any questions either post in the comments to this post or head on over to the CyberSecurity for Home users forum.

    Needless to say we will be discussing these topics and more in the AskWoody Newsletter.

    P.S. Black Hills Information Security will be doing a webcast on YouTube at 4:30 p.m. eastern time (now)

  • Master Patch List as of March 22, 2022

    We have yet to see the preview releases for Windows 11 either last week or this week (I’m guessing they may be coming out tomorrow?), but I’ve published the updates to the Master Patch List tonight as of March 22, 2022 and we’re getting ready to send out the alert tomorrow regarding the Patch status for March.

    Thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

    If Microsoft does release the preview updates for Windows 11, I’ll update the Master Patch List but remember, I don’t recommend installing preview releases.

  • Mac OS Monterey 12.3 is out

    MacOS Monterey 12.3 — Restart Required

    5.26 Gigs download.

    The release notes indicate:

    MacOS 12.3 adds Universal Control so you can use a single mouse and keyboard across your Mac and iPad. This release also includes new emoji, dynamic head tracking for Music, and other features and bug fixes for your Mac.  (Susan comment:  I’m not sure I’ve ever used or needed a mouse on an iPad?  The keyboard is nice especially when you are composing emails)

    Universal Control (beta)
    • Universal Control allows you to use a single mouse and keyboard across iPad and Mac
    • Text can be typed on either Mac or iPad and you can drag and drop files between them

    Spatial Audio
    • Dynamic head tracking is available in Music with supported AirPods on Mac computers with the M1 chip
    • Customizable spatial audio settings for Off, Fixed, and Head Tracked are now in Control Center with supported AirPods on Mac computers with the M1 chip

    Emoji
    • New emoji including faces, hand gestures, and household objects are available in emoji keyboard
    • Handshake emoji allows you to choose separate skin tones for each hand

    This release also includes the following enhancements for your Mac:
    • Siri now includes an additional voice, expanding the diversity of options
    • Podcasts app adds episode filter for seasons, played, unplayed, saved, or downloaded episodes
    • Safari webpage translation adds support for Italian and Chinese (Traditional)
    • Shortcuts now supports adding, removing, or querying tags with Reminders
    • Saved passwords can now include your own notes
    • Battery capacity readings have improved accuracy

    This release also includes bug fixes for your Mac:
    • News widgets in Today View may not open articles when clicked
    • Audio may sound distorted while watching video in the Apple TV app
    • Some photos and videos may be unintentionally moved when organizing albums in Photos

    Some features may not be available for all regions or on all Apple devices. For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222 

  • The M1 Ultra debuts

    APPLE NEWS

    By Will Fastie

    Keeping to schedule, Apple drops the next shoe in its master plan to get all its products running on its own, proprietary, silicon.

    It’s been about 18 months since Apple announced the original M1 system on a chip (SOC), introduced several products based on it, and laid out its plan to transition to its own silicon in roughly two years.

    At its spring event last week, the company took its next step in that transition and went so far as to tease the last shoe. Perhaps “tease” is the wrong word because the company came right out and said it — the last brick in the wall will be a transition of the insanely expensive Mac Pro to Apple silicon.

    Read the full story in the AskWoody Plus Newsletter 19.11.0 (2022-03-14).

  • Apple pushes fixes for zero days

    Apple pushed updates for a zero day (CVE-2022-22620) in Webkit that’s been used to attack users.

    Also fixed today is a zero day in Monterey 12.2.1 and a zero day for iOS and iPadOS 15.3.1.

    Apple security updates

    Name and information link | Available for | Release date
    macOS Monterey 12.2.1 | macOS Monterey | 10 Feb 2022
    watchOS 8.4.2 (This update has no published CVE entries.) | Apple Watch Series 3 and later | 10 Feb 2022
    iOS 15.3.1 and iPadOS 15.3.1 | iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) | 10 Feb 2022

  • Apple security updates out for January 2022

    Just a reminder to those that have and use Apple devices, today there are several security updates out for MacOS, Apple TV, iPhones, iWatch.  Just the other day we had to turn off an iWatch and turn it back on to get it resync’d to the watch.

    Included in these updates are several zero day fixes.

    Apple security updates

    Name and information link | Available for | Release date
    Security Update 2022-001 Catalina | macOS Catalina | 26 Jan 2022
    macOS Big Sur 11.6.3 | macOS Big Sur | 26 Jan 2022
    macOS Monterey 12.2 | macOS Monterey | 26 Jan 2022
    tvOS 15.3 | Apple TV 4K and Apple TV HD | 26 Jan 2022
    iOS 15.3 and iPad OS 15.3 | iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) | 26 Jan 2022
    watchOS 8.4 | Apple Watch Series 3 and later | 26 Jan 2022

  • 38 years ago an Apple was born

    Steve Jobs presenting the first Mac in 1984 – YouTube

    “Steve Jobs, Steve Wozniak and their ingenious team at Apple announced on January 24, 1984, the launch of the Macintosh 128K, the original Apple personal computer.”

    On This Day: Apple release first Macintosh computer – Press Las Vegas