The Cookie Monster is after your Apples

 In ITC's Threat of the Week

 

There have been a number of important security releases for both iOS and OS X this week.

The most interesting of these is the 9.2.1 iOS update which fixes an issue on your iDevices which was discovered by the very clever people at Skycure as far back as 2013. Thankfully they kept shtum about it until this weeks fix because it exposes the following fairly major issue:

Until this fix, it seems that iDevices connecting to wireless networks which use captive portals – you know, pubs, coffee shops and the like, use a shared cookie store which would mean that a malicious captive portal could very easily steal your credentials for other sites and even change the data presented back to you to trick you into downloading malicious code.

This is a very big deal, especially now it is in the open and we urge you to upgrade your devices immediately.

There were also important security updates for versions 10.9-10.11 or Mavericks, Yosemite and El Capitan for you Fanbois. These cover a multitude of security issues, which could lead to an attacker escalating privileges and owning your lovely shiny Apple goodness. Again we recommend patching as we always do.

You may have read or heard about the so called Linux KeyRings vulnerability this week. Shrieking headlines told us that all Linux systems were doomed and “66 percent of Android devices were vulnerable”.

Well it turns out that it isn’t that bad at all. It is hard to exploit on Linux machines and not a great deal of Android devices are impacted, and there is absolutely no need to panic.

The issue does however require attention and we would urge those of you who utilise proper operating systems that end in NIX to review the very thorough ZDNet article :

ITC’s NetSure360°managed service platform has technology that can identify unpatched devices and depending on their criticality and connectivity restrict their access or even enforce remediation. We would love to demonstrate this to you. If you want to see this in action and see how it could assist your business please contact us on: 020 7517 3900 or email us at:[email protected].

Author: Kevin Whelan

Recent Posts

Leave a Comment

Tel:
+44 (0) 20 7517 3900

 

Contact ITC Secure

If you have a question, request, comment or requirement, please send us an email now and we will get back to you by return