Feed aggregator

Update now! Apple confirms vulnerabilities are already being exploited

Malware Bytes Security - Wed, 11/20/2024 - 8:12am

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS.

The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make sure you update as soon as you can.

To check if you’re using the latest software version, go to Settings > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.

To determine whether your Mac is Intel-based or equipped with Apple silicon, follow these simple steps:

  • Click the Apple icon in the top-left corner of your screen.
  • Select About This Mac.
  • Check the information:
    • If you see an item labeled Chip, your Mac has Apple silicon (like M1, M2, or M3).
    • If you see an item labeled Processor, it indicates that your Mac is Intel-based, and the specific Intel processor name will be listed next to it.
Technical details

Because Apple does not share details until everyone has had a chance to update, it is hard to figure out what the exact problem is. But there are some things we can deduct from the given information.

The vulnerabilities that Apple says may have been actively exploited on Intel-based Mac systems are:

CVE-2024-44308: a vulnerability in the JavaScriptCore component. Processing maliciously crafted web content may lead to arbitrary code execution. This means that an attacker will have to trick a victim into opening a malicious file containing web content.

JavaScriptCore is the built-in JavaScript engine for WebKit that enables cross-platform development by providing a way to execute JavaScript within native iOS and macOS applications.

CVE-2024-44309: a cookie management issue in the WebKit component was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross-site scripting attack.

We don’t just report on macOS security—we provide it.

Cybersecurity risks should never spread beyond a headline. Keep threats off your Mac by downloading Malwarebytes for Mac today.

Categories: Malware Bytes

This MagSafe Wallet With Find My Is Half the Price of Apple's Version and Holds More Cards

CNET Feed - Wed, 11/20/2024 - 8:11am
Ditch your bulky wallet and AirTag for this sleek ESR wallet, now just $30 ahead of Black Friday.
Categories: CNET

Foresight: Timeline-First Life Planner

Hacker News - Wed, 11/20/2024 - 8:10am

Article URL: https://foresight.voigon.com/

Comments URL: https://news.ycombinator.com/item?id=42193627

Points: 1

# Comments: 0

Categories: Hacker News

Ask HN: Future Proofing Career (Quantum computing?)

Hacker News - Wed, 11/20/2024 - 8:08am

I’m a senior software developer at a small shop. I’m self taught, have played around with most languages and technologies because they’re just fun. Currently I’m the data/full stack guy (generalist) because of my experience with data warehouse. So I do sprocs/queries, c# backend, react front end, anything that needs to be done.

My degree is in accounting and I’ve been an accountant, a data analyst, data warehouse manager, currently software developer.

It’s important to note that I’ve always been an I individual contributor and not a manager. I’ve managed cross departmental projects in the past, with many stakeholders but don’t have any direct experience as a manager. I don’t mind that as I think being an IC has always been rewarding. I’ve worked in construction, local government, health spaces.

I’m wondering if I should get a masters in some stem field to future proof my career. I’ll need to start with some math courses as my accounting degree doesn’t quite cut it but am looking at where quantum computing/engineering may be 10 years from now.

Comments URL: https://news.ycombinator.com/item?id=42193612

Points: 1

# Comments: 0

Categories: Hacker News

Ask HN: How do you deal with your growing KeyChain/Passwords.app database?

Hacker News - Wed, 11/20/2024 - 8:08am

I currently have a few thousand entries in my Passwords.app, and additionally a few hundred entries in my KeyChain that are not web passwords.

This list is only growing with no viable option for some automatic or semi-auto removal of things that I don't need or otherwise don't exist anymore.

I once tried to check the oldest entries and found almost half of them pointing to websites or services that don't exist anymore. (Everything else aside, always sad to see how things die on the Internet, often for no good reason).

Many of the entries were not needed anymore, so I went and requested account deletion whenever possible, one by one.

However, going through and cleaning up even a single year in the past took me several days (!)

Someone can say "disk storage for a few thousand DB entries is cheap, don't worry and forget about it" and I guess it's what most people do.

Still, if you see it as a problem (say, what if your DB leaks one day?) any solutions you can suggest?

Comments URL: https://news.ycombinator.com/item?id=42193611

Points: 2

# Comments: 1

Categories: Hacker News

Why HN always has the most pompous, snobbish posts appearing on the front page?

Hacker News - Wed, 11/20/2024 - 8:04am

I get the posts where people discuss databases and servers and programming languages. I don't get the posts like below, from the first two pages:

-Discarded delights: The joy of ex-library books -Shift Left Is the Tip of the Iceberg -Nickel Plating Handbook -Decisions and Dragons -A Man of Parts and Learning Fara Dabhoiwala on the Portrait of Francis Williams

Are they synthetically pushed to the top to water down the tech content? Is there an astroturfing effort from the posters? Or is there general interest in that stuff and I'm the only one who's dumb?

Comments URL: https://news.ycombinator.com/item?id=42193581

Points: 1

# Comments: 0

Categories: Hacker News

Nearly 70% of US Smartphone Owners Have Never Sold Their Old Phones. Here's Why

CNET Feed - Wed, 11/20/2024 - 8:03am
A CNET survey revealed that data privacy is a key reason why many smartphone owners in the US hold onto their old devices instead of selling them.
Categories: CNET

The Back of this Gaming Phone Turns Into a Mini-LED Retro Arcade

CNET Feed - Wed, 11/20/2024 - 8:02am
The Asus ROG Phone 9 Pro's biggest design change makes the rear LED display a fun way to get a quick gaming fix.
Categories: CNET

I Need Apple to Make These Changes to the iPhone 17's Camera

CNET Feed - Wed, 11/20/2024 - 8:02am
Commentary: With competition stiffer than ever, the next iPhone's camera really needs to impress.
Categories: CNET

How to Make the Fastest, Crispiest Stuffing in Thanksgiving History

CNET Feed - Wed, 11/20/2024 - 8:02am
There's a secret weapon, and it's sitting on your countertop.
Categories: CNET

Best King-Size Mattresses for 2024, Tested and Reviewed by CNET’s Sleep Experts

CNET Feed - Wed, 11/20/2024 - 8:01am
Need a mattress fit for a king? We took a look at some of the biggest names in the game -- Brooklyn Bedding, WinkBeds, and Layla Sleep -- to find the best king-size mattresses you can grab today.
Categories: CNET

Switch 2 Rumors: Don't Buy a Switch Just Yet video

CNET Feed - Wed, 11/20/2024 - 8:00am
We run through a round up of Switch 2 rumors.
Categories: CNET

Best VPN for Your Smart TV

CNET Feed - Wed, 11/20/2024 - 8:00am
These VPNs for your smart TV let you unblock geo-protected content like foreign Netflix, Disney Plus and Amazon Prime Video libraries.
Categories: CNET

Pages