Feed aggregator
Update now! Apple confirms vulnerabilities are already being exploited
Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS.
The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make sure you update as soon as you can.
To check if you’re using the latest software version, go to Settings > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.
To determine whether your Mac is Intel-based or equipped with Apple silicon, follow these simple steps:
- Click the Apple icon in the top-left corner of your screen.
- Select About This Mac.
- Check the information:
- If you see an item labeled Chip, your Mac has Apple silicon (like M1, M2, or M3).
- If you see an item labeled Processor, it indicates that your Mac is Intel-based, and the specific Intel processor name will be listed next to it.
Because Apple does not share details until everyone has had a chance to update, it is hard to figure out what the exact problem is. But there are some things we can deduct from the given information.
The vulnerabilities that Apple says may have been actively exploited on Intel-based Mac systems are:
CVE-2024-44308: a vulnerability in the JavaScriptCore component. Processing maliciously crafted web content may lead to arbitrary code execution. This means that an attacker will have to trick a victim into opening a malicious file containing web content.
JavaScriptCore is the built-in JavaScript engine for WebKit that enables cross-platform development by providing a way to execute JavaScript within native iOS and macOS applications.
CVE-2024-44309: a cookie management issue in the WebKit component was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross-site scripting attack.
We don’t just report on macOS security—we provide it.
Cybersecurity risks should never spread beyond a headline. Keep threats off your Mac by downloading Malwarebytes for Mac today.
This MagSafe Wallet With Find My Is Half the Price of Apple's Version and Holds More Cards
Foresight: Timeline-First Life Planner
Article URL: https://foresight.voigon.com/
Comments URL: https://news.ycombinator.com/item?id=42193627
Points: 1
# Comments: 0
If You Order Chipotle Online, You Are Probably Getting Less Food
Article URL: https://gmcirco.github.io/blog/posts/chipotle-weight/youtube-food.html
Comments URL: https://news.ycombinator.com/item?id=42193616
Points: 1
# Comments: 0
Ask HN: Future Proofing Career (Quantum computing?)
I’m a senior software developer at a small shop. I’m self taught, have played around with most languages and technologies because they’re just fun. Currently I’m the data/full stack guy (generalist) because of my experience with data warehouse. So I do sprocs/queries, c# backend, react front end, anything that needs to be done.
My degree is in accounting and I’ve been an accountant, a data analyst, data warehouse manager, currently software developer.
It’s important to note that I’ve always been an I individual contributor and not a manager. I’ve managed cross departmental projects in the past, with many stakeholders but don’t have any direct experience as a manager. I don’t mind that as I think being an IC has always been rewarding. I’ve worked in construction, local government, health spaces.
I’m wondering if I should get a masters in some stem field to future proof my career. I’ll need to start with some math courses as my accounting degree doesn’t quite cut it but am looking at where quantum computing/engineering may be 10 years from now.
Comments URL: https://news.ycombinator.com/item?id=42193612
Points: 1
# Comments: 0
Ask HN: How do you deal with your growing KeyChain/Passwords.app database?
I currently have a few thousand entries in my Passwords.app, and additionally a few hundred entries in my KeyChain that are not web passwords.
This list is only growing with no viable option for some automatic or semi-auto removal of things that I don't need or otherwise don't exist anymore.
I once tried to check the oldest entries and found almost half of them pointing to websites or services that don't exist anymore. (Everything else aside, always sad to see how things die on the Internet, often for no good reason).
Many of the entries were not needed anymore, so I went and requested account deletion whenever possible, one by one.
However, going through and cleaning up even a single year in the past took me several days (!)
Someone can say "disk storage for a few thousand DB entries is cheap, don't worry and forget about it" and I guess it's what most people do.
Still, if you see it as a problem (say, what if your DB leaks one day?) any solutions you can suggest?
Comments URL: https://news.ycombinator.com/item?id=42193611
Points: 2
# Comments: 1
Engineers transform smartphones into instruments for studying space
Article URL: https://techxplore.com/news/2024-11-smartphones-instruments-space.html
Comments URL: https://news.ycombinator.com/item?id=42193605
Points: 1
# Comments: 0
Don't Call It a Substack
Article URL: https://www.anildash.com//2024/11/19/dont-call-it-a-substack/
Comments URL: https://news.ycombinator.com/item?id=42193591
Points: 1
# Comments: 0
An AI startup CEO has been charged with defrauding investors out of $10M
Article URL: https://www.businessinsider.com/joanna-smith-griffin-forbes-30-under-30-fraud-2024-11
Comments URL: https://news.ycombinator.com/item?id=42193590
Points: 2
# Comments: 0
Why HN always has the most pompous, snobbish posts appearing on the front page?
I get the posts where people discuss databases and servers and programming languages. I don't get the posts like below, from the first two pages:
-Discarded delights: The joy of ex-library books -Shift Left Is the Tip of the Iceberg -Nickel Plating Handbook -Decisions and Dragons -A Man of Parts and Learning Fara Dabhoiwala on the Portrait of Francis Williams
Are they synthetically pushed to the top to water down the tech content? Is there an astroturfing effort from the posters? Or is there general interest in that stuff and I'm the only one who's dumb?
Comments URL: https://news.ycombinator.com/item?id=42193581
Points: 1
# Comments: 0
Nvidia's new server design hits a roadblock, AI chips overheating beyond control
Nearly 70% of US Smartphone Owners Have Never Sold Their Old Phones. Here's Why
The Back of this Gaming Phone Turns Into a Mini-LED Retro Arcade
I Need Apple to Make These Changes to the iPhone 17's Camera
How to Make the Fastest, Crispiest Stuffing in Thanksgiving History
Best King-Size Mattresses for 2024, Tested and Reviewed by CNET’s Sleep Experts
Basic co-creator Thomas Kurtz hits END at 96
Article URL: https://www.theregister.com/2024/11/20/rip_thomas_kurtz/
Comments URL: https://news.ycombinator.com/item?id=42193557
Points: 1
# Comments: 0
Switch 2 Rumors: Don't Buy a Switch Just Yet video
Best VPN for Your Smart TV
Bluesky is ushering in a pick-your-own algorithm era of social media
Article URL: https://www.newscientist.com/article/2456782-bluesky-is-ushering-in-a-pick-your-own-algorithm-era-of-social-media/
Comments URL: https://news.ycombinator.com/item?id=42193549
Points: 3
# Comments: 0