Bad apples have given iPhone, Mac and iPad users more reasons to worry.
Apple shared two security reports this week warning of serious vulnerabilities in some of its devices, which could allow attackers to take full control of iPhones, iPads and Macs.
Users were advised to update affected devices, including: iPhone 6S and later models; iPads of the 5th generation and several later models, as well as all iPad Pro models and the iPad Air 2; Mac computers with macOS Monterey; and some iPod models. The vulnerability also extends to Apple’s Safari browser on its Big Sur and Catalina operating systems, the company added in another update. Get all the latest software updates for your Apple devices here.
However, on Friday morning several specific vulnerabilities targeting Mac operating software were popular in real-time Google searches, including a hole in Zoom’s security, as well as fraudulent Coinbase job postings.
The Zoom exploit was spotted by Patrick Wardle of the nonprofit Objective-See, which makes open-source macOS security tools. Wardle shared his findings at last week’s DefCon hacking and security conference. He was able to abuse Zoom’s automatic updater to access someone’s Mac. Zoom released an update in response, update 5.11.5 (9880), but some testers were still able to get around it. Zoom then released a second patch, update 5.11.6 (9098), which is now available.
Zoom shared on its security updates page that users can protect themselves by applying the current updates or downloading the latest Zoom software with all current security updates from zoom.us/download.
Some Apple users were also reportedly targeted by Lazarus, the North Korean state-sponsored hacking group, which targeted Apple and Intel-based systems with macOS malware disguised as fake IT jobs from the cryptocurrency platform Coinbase.
The cyber-espionage campaign is reaching blockchain developers via LinkedIn and other platforms with a fake job offer, TechRadar reported. Then, after a few rounds of “interviews”, the attacker sends the victim what looks like a PDF with the task details – but it’s actually malware.
The security researchers at ESET Research Labs highlighted the malware on Twitter this week. They warned that it will drop three files: the bundle FinderFontsUpdater.app, the downloader safarifontagent, and a decoy PDF called Coinbase_online_careers_2022_07.pdf.
Coinbase has tips here for avoiding cryptocurrency scams, such as never giving anyone remote access to your device, and only contacting Coinbase at the phone number listed at help.coinbase.com/ or by email at help.coinbase.com/contact-us.
The US government sanctioned the Lazarus Group and two other “North Korean state-sponsored malicious cybergroups” in 2019, noting that Lazarus targets the government, military, financial institutions, the media and publishing houses. Lazarus was involved in the global WannaCry 2.0 ransomware attack in 2017, which caused billions of dollars in damage to more than 300,000 computers in 150 countries.