Multiple zero-day vulnerabilities in iOS, Windows and Chrome

We all hate updates, we get it. You’re trying to get your work done and another notification interrupts your work and wants to restart your computer. But today is a good day to stay on top of your updates as Apple, Google and Microsoft have all pushed fixes in the past two days for vulnerabilities that are being actively exploited in the wild.

APPLE UPDATES

The biggest news-worthy update is for an exploit known as ForcedEntry and is a “zero ckick” attack. This requires no interaction from the user and exploits Apples image-rendering library. This affects macOS, watchOS and iOS, but there are now fixes for all three.

MICROSOFT UPDATES

We have already reported on this one, but the MSHTML exploit, which is the rending engine used by Internet Explorer and Microsoft Office. If you open a tainted office file, it allows the attacker to execute commands on your machine. As a part of Patch Tuesday, this bug as well as dozens of others have now been fixed.

GOOGLE UPDATES

There’s two critical vulnerabilities in chrome with patches available now. It relates to Googles V8 JavaScript and WebAssembly engine, as well as the IndexedDB API which allows you to store data in a users browser. However, details on this exploit are thin as Google wants to withold details until a majority of users are already patched.

Keeping safe online

There is no doubt that the internet is creating more opportunities for businesses to grow and innovate. With these innovations come security concerns and you need to make sure your business isn’t the next target. A good multi-layered security approach is always best.

  • Keep your systems up to date
  • Implement a multi-layered security solution, such as Antivirus, DNS Filtering, Detection Engines and Endpoint Detection and Response solutions.
  • Enable Multi-Factor authentication on all your accounts
  • Train your staff on how to spot scams and phishing attempts

Be sure to contact us if you want to learn more about patch management and keeping your systems secure!

Most Recent:

Random Pick:

Have you been sent a fake invoice?

The other day a customer contacted us about an invoice for their domain name. We manage everything to do with our customer’s domain names, including the domain renewal, DNS, website hosting, etc

Read More »