We all hate updates, we get it. You’re trying to get your work done and another notification interrupts your work and wants to restart your computer. But today is a good day to stay on top of your updates as Apple, Google and Microsoft have all pushed fixes in the past two days for vulnerabilities that are being actively exploited in the wild.
APPLE UPDATES
The biggest news-worthy update is for an exploit known as ForcedEntry and is a “zero ckick” attack. This requires no interaction from the user and exploits Apples image-rendering library. This affects macOS, watchOS and iOS, but there are now fixes for all three.
MICROSOFT UPDATES
We have already reported on this one, but the MSHTML exploit, which is the rending engine used by Internet Explorer and Microsoft Office. If you open a tainted office file, it allows the attacker to execute commands on your machine. As a part of Patch Tuesday, this bug as well as dozens of others have now been fixed.
GOOGLE UPDATES
There’s two critical vulnerabilities in chrome with patches available now. It relates to Googles V8 JavaScript and WebAssembly engine, as well as the IndexedDB API which allows you to store data in a users browser. However, details on this exploit are thin as Google wants to withold details until a majority of users are already patched.
Keeping safe online
There is no doubt that the internet is creating more opportunities for businesses to grow and innovate. With these innovations come security concerns and you need to make sure your business isn’t the next target. A good multi-layered security approach is always best.
- Keep your systems up to date
- Implement a multi-layered security solution, such as Antivirus, DNS Filtering, Detection Engines and Endpoint Detection and Response solutions.
- Enable Multi-Factor authentication on all your accounts
- Train your staff on how to spot scams and phishing attempts
Be sure to contact us if you want to learn more about patch management and keeping your systems secure!