Patch Your Apple, Update Linux And Reboot Your Router

Source: Ars Technica Patch Your Apple, Update Linux And Reboot Your Router

Surprisingly, Windows Is Not Included In The Patch Bonanza

If you are running iOS 16, macOS 13 Ventura, iPadOS 16.5.1, macOS 13.4.1, and watchOS 9.5.2 you had better get patching!   There are two zero days out there you are vulnerable to and they are rather nasty.  One is a kernel-level flaw which can be leveraged to execute arbitrary code with kernel privileges while the second is a WebKit bug which will execute code if you end up on a malicious website.   They are both being exploited as you read this, so start that update now.

Linux users shouldn’t snicker right now, as Linux and Linux based IoT devices are being hijacked as part of a new and quite large campaign.   If an attacker can gain access to your device somehow, they will inject a trojanized OpenSSH package which will happily steal all your SSH credentials, while hiding itself under a different SSH credentials.   There is no solution as of yet, but Bleeping Computer has a detailed description of the attack which may help you to determine if you are a victim.

Last and not least, a new version of the Mirai botnet is targeting D-Link, Arris, Zyxel, TP-Link, Tenda, Netgear, and MediaTek devices.  There are 22 flaws for the botnet to choose from and the targets include far more than routers, there are vulnerable digital and network video recorders, WiFi communication dongles, thermal monitoring systems, access control systems, and even solar power generation monitors.  The list of vulnerabilities is available at Bleeping Computer along with suggestions on mitigation.

One of the vulnerabilities, CVE-2023-32434, is a kernel-level flaw that can allow apps to "execute arbitrary code with kernel privileges." The other, a WebKit bug labeled CVE-2023-32439, can allow the execution of arbitrary code after processing "maliciously crafted web content."

Video News

About The Author

Jeremy Hellstrom

Call it,, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!