New Mac OS X Vulnerability Threatens All Versions

In recent months, Apple has been increasingly on the receiving end of unwanted attention from the hacking community. Apple’s OS offerings have long been touted as being more robust and secure than Microsoft’s Windows, and so far, the company is living up to that reputation. The reality, however, is that given the sheer number of iPads and iPhones in use around the world today, the company is an attractive target for the hacking community.

Security company SentinelOne has recently discovered the latest flaw in Apple’s OS X operating system, which bypasses the SIP (System Integrity Protection) protocols the company has in place to prevent local privilege escalation. SentinelOne describes this non-memory corruption as being stable, extremely reliable, and logic based. It does not crash the machine or process that it takes over, which would give the device’s owner a clue that something was amiss. In short then, this zero day vulnerability is something that is less likely to be used by your run of the mill hacker than it would by nations, sponsoring highly targeted stealth attacks against other nations.

By their nature, zero day flaws are extremely difficult to discover, simply because the engineers who designed and built the devices in question aren’t looking for them. For the same reason, these kinds of flaws are virtually impossible for antivirus software to detect, because the software works by looking for symptoms or virus signatures it can match to the database of known threats.

In any case, so far, Apple has had a stellar track record when it comes to patching vulnerabilities to their system, in many cases, releasing a patch just 48-72 hours after a flaw is discovered. It’s possible then, that by the time you read these words, Apple will already have a fix released, or at least a firm date for it. At this point in time, however, they do not.

 If you need some additional information Call us we can help.  

DEVI MAZUMDAR – OWNER
210-243-2337
CMIT Solutions of San Antonio NE
http://www.sanecmit.com/
14080 Nacogdoches Rd, San Antonio, TX 78247

Used with permission from Article Aggregato

Microsoft Upgrade Deadline Extended But Don’t Wait Too Long

Microsoft really wants everyone who uses their OS to upgrade to Windows 10. In fact, this desire is so strong, that they’ve taken a remarkable step. Going forward, all new chipsets produced by Intel, AMD, Qualcomm, and others will only support Windows 10. You won’t be able to upgrade your old hardware with newer, faster, better chips, unless you also upgrade your OS.

There is a small but vocal minority of users that have been upgrading their hardware to stay current, but have kept using older (now outdated) operating systems. Reasons vary from one person to the next, but there are some legitimate concerns for these folks, including legacy support and backwards compatibility issues. Some older applications may not run at all on Windows 10, and it’s going to be both difficult and expensive for these users to upgrade. They may not have a choice, at least not if they want to keep getting security patches.

Microsoft has been understanding, and has extended the deadline for support cutoff on a couple of occasions, but the bottom line is that the day’s coming when you’ll no longer be able to get support. The company has given a variety of dates, so some users may be confused by this. We’ll lay those dates out here, and what they mean:

July 17, 2017 – This was the original deadline set by Microsoft. As of this date, if you’re using Intel’s latest “Skylake” chips, but running Windows 7 or 8.1, you will be restricted to only the most critical updates and security fixes.

July 17, 2018 – This was their compromise with the group mentioned above. A one-year extension to continue receiving critical updates.

After this date passes, the only updates available will be critical patches that address security issues. There will be no additional functionality updates, critical or no. The final deadline for Windows 7 (no more updates at all, including no additional security fixes) is January 14, 2020. The final deadline for Windows 8.1 (no more updates at all, including no additional security fixes) is January 14, 2023. It is unlikely that Microsoft will be swayed to push these dates back further, no matter how loud the chorus of complaints gets. If you’re in this boat, it’s best to start planning for the inevitable now.

If you need some additional information Call us we can help.  

DEVI MAZUMDAR – OWNER
210-243-2337
CMIT Solutions of San Antonio NE
http://www.sanecmit.com/
14080 Nacogdoches Rd, San Antonio, TX 78247

Used with permission from Article Aggregator

New Malware Can Hijack Your iPhone

There’s another new attack vector to beware of if you own an iPhone. This new attack, called AceDeceiver MITM is quite possibly the most convoluted attack the hackers have come up with yet, and stands as an excellent example of just how far the hackers will go to get to your personal information.

To set the stage for this attack, the hackers purchase an app from the Apple store, taking advantage of a flaw in Apple’s DRM protection module known as FairPlay. They save the authorization code, then design software that simulates the iTunes client behavior sufficiently to trick iOS into believing that the app was purchased by the target victim. This enables the app to be installed on the phone without the user’s knowledge or consent. Once installed, the app is used as a launch pad to install whatever else the hackers desire. Other apps, snooping protocols, and the like.

Convoluted or not, it’s a stunningly creative and effective attack that’s virtually impossible to stop. The only outward sign that you’re being targeted will be new icons for Apps that you don’t remember installing.

As bad as this sounds, there is a bit of a silver lining. For the moment, at least, these attacks have been restricted to users in China, so unless you’re there, odds are that you won’t run afoul of this attack. The hope, of course, is that Apple will be able to close the security loophole that makes this attack possible before it becomes more widespread, although at this point, there has been no word from Apple regarding a time frame for the fix.

This latest attack clearly demonstrates just how difficult it is for any tech vendor to completely secure their equipment. The hackers are simply testing scenarios that the design team never envisioned, and it’s working. 2016 is shaping up to be a very busy year in the field of internet security. If you need some help with removing virus Call us we can help.  

DEVI MAZUMDAR – OWNERCMIT Solutions of San Antonio NEhttp://www.sanecmit.com/14080 Nacogdoches Rd, San Antonio, TX 78247

Used with permission from Article Aggregator