
Apple has released security updates this week for seven products: macOS, iOS, watchOS, iTunes for Windows, tvOS, iCloud for Windows, and Safari. Out of all the vulnerabilities patched this week, two stand out, mainly because they affect the kernels of macOS, iOS, watchOS, and tvOS alike. The vulnerabilities are CVE-2018-4241 and CVE-2018-4243, both discovered by Google security engineer Ian Beer. Neither Beer nor Apple has released expansive details about these two bugs. Both issues are buffer overflows in the kernel code that can lead to an attacker executing malicious code within the context of the kernel, giving him full access to a device. But these are all the details currently available. In fact, Apple is currently still hiding the changelog of the iOS, watchOS, and tvOS security patches in an attempt to allow users to update without giving attackers a clue to what's hiding inside. Patches with links are posted on OUR FORUM.

An Internet Explorer zero-day vulnerability that came to light last month has now been incorporated in the RIG exploit kit, a web-based toolkit that malware authors use to infect a site's visitors with malware. The vulnerability in question is CVE-2018-8174. This vulnerability affects VBScript, the Visual Basic scripting engine that's included with Internet Explorer and Microsoft Office. On April 20, Bleeping Computer learned from a Chinese security researcher that a cyber-espionage group was using this vulnerability to infect users via Internet Explorer, as part of a series of attacks conducted by what later proved to be a North Korean state-sponsored hacking group. Security researchers from Qihoo 360, who first spotted these attacks, reported the vulnerability to Microsoft, and the company patched the bug in the May 2018 Patch Tuesday security updates, released on May 8. More details can be found on OUR FORUM.
 

The prognosticators at analyst company IDC do not currently see a bright future for traditional PCs and notebooks. In their Worldwide Quarterly Personal Computing Device Tracker, they predict the PC market will decline 1.8% over the next 4 years, from 408.3 million units in 2018 to 386.2 million devices in 2022. The one bright spark, however, is the detachable market, which they expect to grow 9.8% over the same period, from 23.9 million devices in 2018 to 35.0 million devices in 2022. “Overall the challenges for traditional PCs and tablets remain the same as in past years,” said Ryan Reith, program vice president with IDC’s Worldwide Quarterly Mobile Device Trackers. “However, we continue to see pockets of opportunity and growth when you peel back the onion. With notebook PCs, it’s clear that marketing and development resources are being poured into premium/gaming, convertibles, and thin and light devices. All OEMs, some of which are new to space, seem to be laser-focused on these areas. Detachable tablets are another area that has seen growth, however, it currently feels like the trends around notebook growth opportunities have overshadowed detachable developments.” Learn more at OUR FORUM.

When we talk about computers connecting directly to your brain to interpret your thoughts and act on them, it evokes images of the Borg in Star Trek. Microsoft is developing just such a technology, but for a very humanitarian reason. Satya Nadella told attendees at Microsoft’s eighth Ability Summit in Redmond that Microsoft is developing brain reading technology to assist people with locked-in syndrome, a rare neurological disorder that only allows people to communicate by eye movement. “How do you give them a language, because of just basically the ability to detect brain activity,” said Nadella. Microsoft has in recent years brought to market a number of products designed to improve accessibility, including a Seeing Eye app which uses AI to describe scenes to those with visual difficulties and a new Xbox Adaptive Controller, which offers a cheap way for those with disabilities to connect adaptive controllers to their gaming console. “To me, being able to sort of really take that and channel it, see things like at one week where you have these thousands of folks across the company come together and invent these new technologies has been eye-opening for me,” he said. “In fact, I’m just getting ready to even host a dinner with some of the researchers that are working on the brain — you know, human-brain interface.” Learn more on OUR FORUM.

USB Implementers Forum (USB-IF), the organization which promotes USB technology, today announced a USB HID (Human Interface Device) standard for braille displays. This new standard will make it easier for the blind community to use a braille display across operating systems and different types of hardware. It will also enable easy development of braille devices, as custom software and drivers created for a particular OS or screen reader are no longer needed. Microsoft collaborated with Apple and industry organizations to develop this new standard. “We see the opportunity that advancements in technology can create for people with disabilities and have a responsibility as an industry to develop new ways of empowering everyone to achieve more,” said Jeff Petty, Windows accessibility program manager lead at Microsoft. “Developing an HID standard for braille displays is one example of how we can work together, across the industry, to advance technology in a way that benefits society and ultimately improve the unemployment rate for people with disabilities.” “Technology should be accessible to everyone and Apple designs all products with that in mind,” said Sarah Herrlinger, director of Global Accessibility Policy and Initiatives at Apple. Further details can be found on OUR FORUM.

After it was reported that the VPNFilter botnet consisting of over 500,000 routers and NAS devices was taken over by the US government, the FBI issued an advisory stating that users should reboot their routers in order to disrupt the malware. Unfortunately, as shown by the five phone calls I received today, many people heard the reboot part but did not read the rest of the recommendations of turning off remote administration, changing passwords, and upgrading to the latest firmware. One step that was not mentioned is the fact that the only way to truly remove VPNFilter is to reset the router to factory defaults. Due to this, people are just resetting their routers but leaving part of the malware still present after it is rebooted. With that said, I have put together a guide on VPNFilter, what the FBI advisory is about, and the steps you should perform to clean and secure your router. VPNFilter is malware that targets routers and NAS devices in order to steal files, information, and examine network traffic as it flows through the device. When the malware is installed, it will consist of three different stages, with each stage performing specific functions. There's plenty more on OUR FORUM.

 
