A zero-day threat (also sometimes called a zero-hour threat) is one that hasn’t been seen before and doesn’t match any known malware signatures. This makes it impossible to detect by traditional signature-matching solutions. It may exploit a previously unknown software vulnerability (sometimes called a zero-day vulnerability), or it may be a new malware variant delivered by traditional means.
If you are relying solely on anti-virus software and a software firewall, zero-day threats are what is going to ruin your day.
You need to install ALL patches and updates as soon as they become available. From the time the threat is actively released to the wild until a patch or update can be issued is a vulnerability window FOR YOU. Past the point where patches and updates are issued the threat is no longer considered a zero-day attack. It’s up to you to keep your gear as updated, patched and protected as possible.
Three zero-day vulnerabilities have been discovered and patches released for Apple/Mac products. Nearly all products from phones to pads to desktops are vulnerable without these patches. They should be installing themselves, or have installed themselves, automatically. Unless for some unfathomably dumb reason you’ve turned off automatic updates.
This is not the same thing as keeping your anti-virus and/or antimalware software up to date. These attacks target vulnerabilities that have been discovered in your operating system software, the stuff that runs your device. They will sail right past your security software because they are attacking a known hole in the operating system software itself. You are not safe if you rely on anti-virus/antimalware software alone. The ONLY way to protect yourself is to install the patches released by Apple Inc.
I just now found out about this, the attacks were discovered and emergency patches issued 4 days ago. For more information about this current threat click these links …
https://www.securityweek.com/apple-patches-3-exploited-webkit-zero-day-vulnerabilities/
6 replies on “Apple releases zero-day patches, UPDATE YOUR APPLE/MAC PRODUCTS NOW!”
I own an iPhone, so I checked to see if there was an update available. I have to admit, when the first sentence of the update description is “This update introduces 21 new emoji …” I can’t really take it too seriously. I know there are “other enhancements, bug fixes, and security updates,” but they seem to take a back seat to “21 NEW EMOJI!!!”
This is unfortunately typical for just about all device and operating systems providers today.
One of my best friends is an Apple/Mac user. He refuses to do updates because he says mostly all they do is update the advertising stuff. Sadly that’s true but equally sadly it’s not a good reason not to run updates and patches. By doing things this way vendors are discouraging vital updates which should be prioritized ahead of everything else. After all, their ads mean nothing if the device gets hijacked or destroyed in a zero day attack.
Vendors are focused on revenue not end users. If you read my posts you’ll see that I sometimes speak up against blind capitalism. This practice is capitalistic as it comes. The vendors are chasing the market at the expense of the customer. The vendors see it as a matter of having so many customers that if they lose a few that doesn’t offset the financial gains realized by these practices.
I’m not a socialist or anything like that. I know that controlled, responsible capitalism is the very best economic system possible. Controlled, responsible capitalism demands a significant amount of customer care. Putting the customer first is the result. I provide a service not physical goods so “customer first” capitalism is something I’ve practiced for decades.
Not putting the market first, that’s irresponsible and a result of the blind pursuit of capitalism.
As I’ve said here on this site many times, anything taken to the extreme and to the exclusion of all other factors is always going to be a problem.
I keep an eye on this stuff because of the work I do. If I see something urgent I’ve been posting it here to try to help out the membership. I just put this site on the list of people or organizations to notify in the event of an urgent, developing threat.
There are an amazing quantity of threats. I’m only notifying people of the very worst of the worst.
There’s a lot of stuff that’s not urgent but that doesn’t mean people should ignore updates and patches either.
BTW, I did install the latest update. I’m just sad that Apple feels that more emoji is a better hook for getting their consumers to update the phones than making sure their phones are functional.
Thanks ACTS (TM), I just forwarded this message to my wife and daughters, who just luv them their Apple phones and tablets. While I use the sites….Malwarebytes and Bleeping-computer are not something I check in on hourly, or daily, or weekly. Your heads up was welcome.
I get emails from those places and more, plus CISA, on a daily basis. The kind of work I do demands that I keep abreast of developing threats in the wild. I usually read them over while I have my morning pot of coffee. I’m always on the lookout for something that affects my clients, my family, my friends or myself.
I know for a fact that there are MacApples in here that do not update their software so knowing that someone is at risk requires I take some sort of remedial action. I know this because they’ve told me and I’ve told them they’re walking through a minefield and don’t even know it.
Those sorts of people have told me they’ll be fine and for whatever reason have no intention of patching their systems. They won’t be fine, it’s a matter of when not if.
So this is what I can do.
You can lead an Applehead to water but you can’t make ’em drink.
You’re a good resource ACTs.
….Pot of coffee….I saw what you did there….
The “I don’t trust the x company” or “It won’t happen to me” folk remind me a young guy and gal whistling the tune of “sunshine, lollypops and rainbows everywhere”….as they’re walking past the graveyard.
My first bout of losing a drive to Michelangelo, so many years ago, taught me the benefits of good digital hygiene habits.
Thanks again. Wife and kids have already ACTed.