Simple Cyber Defense

Vulnerabilities for iPhone, Mac, and Windows – Show Notes

Welcome back to the Simple Cyber Defense podcast. In this week’s episode, we’re going to be discussing vulnerabilities that are found in iPhone, Mac and Windows operating systems. So let’s begin.

So we’re going to start off with the iPhone vulnerabilities. A group has confirmed that 900 million iPhones are left vulnerable to a mail daemon security flaw. So what is a mail daemon? A mail daemon is the means that the software uses to be able to send and receive emails. So why is this such a big issue? Well, this could be used for any number of exploits. And Apple has recently confirmed that one of its oldest vulnerabilities has affected millions of iPhone users. At the time of the writing, things are not looking good. Back in April, Apple acknowledged that every iPhone that has been launched in the past years was prone to remote attacks through the iOS Mail app. So in other words, they can use your iPhone’s iOS Mail app to control your iPhone remotely. This is a big deal because then they can have access to your phone, steal data or install apps that will further compromise your iPhone device.

So the big question is, what can be done to fix this issue? Apple has been downplaying the severity of this issue. However, there have been talks about there being a fix to the vulnerability in the upcoming iOS 13.5, which will be available for iPhone 6s and newer. But what about the phones before that? They will still have the vulnerability because they will not have this iOS 13.5 update. So what can happen to the older iPhones? Well, unfortunately, since there won’t be a fix for it, the only thing you can do is to disable the iOS Mail app and either use Gmail or some other client app trusted enough to be able to use your email. Because this particular mail daemon is only affecting the iOS Mail app and not any other mail apps.

So we’re going to move on to the next issue, which is a critical Windows 10 flaw that could let hackers delete important files unless you update now. The two major vulnerabilities that Microsoft highlighted included remote code execution flaws in Microsoft Color Management and Windows Media Foundation. These flaws hand nefarious parties the power to install programs, view, change or delete data, or create a new Windows 10 account. So how is this happening? Addressing the Microsoft Color Management flaw in Windows 10, Microsoft says that in the web-based attack scenario an attacker could host a specifically crafted website that is designed to exploit the vulnerability and then convince users to view the website. The hacker can’t force you to view that website. But once you do, they can gain control through this Color Management flaw. This is typically done by getting the user to click on a link in an email or instant message that uses the attacker’s website. By opening the attachment or clicking on the link, you’re sent to their website, which would compromise your computer. So what can be done for this issue? Just update to the newest patches for Windows 10. And also be careful what you click on, because not every link or attachment would be safe for you to click on.

And so now we talk about the final issue, which affects both Windows and Mac users, which is that Adobe Reader and Acrobat now have nine critical flaws that have been patched. These flaws are mostly affecting a few things. The first thing that the flaw would go after is the out-of-bounds reading. What does this mean? It basically gives the attacker the ability to read information that it shouldn’t. It gives them the ability to read a lot of private data, or data that you’ve not disclosed, in improper ways. The next few are mostly for arbitrary code execution, which basically means that the attacker is allowed to use this exploit to run their own code on your computer without your interaction at all. And the last one is mostly talking about privilege escalation, which basically means using means to create an account which has no privileges and can’t do anything, and then elevate it up or give itself rights to do everything that it wants to, basically superuser abilities. So they can delete your files, change anything they want, make your computer even more vulnerable. All of this is done mostly through the PDFs that Acrobat reads. So what an attacker will do is create a malicious PDF and send it to you through email. And then once you open it, it runs code in the background to exploit all these things. So the best thing to do is to make sure that your Adobe Reader or Acrobat is up to date with all of the patches, because all of these codes have been patched up.

So this concludes this week’s security updates. Just remember, keep everything up to date, and tune in for the next one to see what is next in a crazy world.

900 Million iPhones Left Vulnerable to the MailDemon Security Flaw –
Critical Windows 10 flaw could let hackers DELETE important files unless you update now –
Windows 10 or Mac user? Patch Adobe Reader and Acrobat now to fix 9 critical security flaws –