{"id":23502,"date":"2023-12-01T10:30:10","date_gmt":"2023-12-01T18:30:10","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2023\/12\/01\/news-17232\/"},"modified":"2023-12-01T10:30:10","modified_gmt":"2023-12-01T18:30:10","slug":"news-17232","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/12\/01\/news-17232\/","title":{"rendered":"Apple secures WebKit as global ransomware attacks surge"},"content":{"rendered":"

<\/p>\n

If nothing else, Apple\u2019s most recent emergency security update should be considered proof of an increasingly tense security environment.<\/p>\n

Enterprises must understand that while Apple maintains a pretty solid ecosystem \u2014 certainly at present the most secure, even according to Cisco<\/a>\u00a0\u2014 that doesn\u2019t mean it\u2019s entirely safe, and every Apple customer needs to get wise to the growing proliferation of threats.<\/p>\n

With more and more business users turning to the company\u2019s solutions<\/a>, it\u2019s important to get ahead of the threat.<\/p>\n

The latest\u00a0Orange Cyberdefense Security Navigator Report<\/a> claims a global 46% surge in cyber-extortion attacks across the last year \u2014 and warns that just over a third (37.45%) of detected incidents originated from internal actors, not all of these by accident.<\/p>\n

With employees and trusted insiders remaining the soft vulnerable point for a third of attacks, it\u2019s essential every business and every user spend time learning about the best approach to online security.<\/p>\n

The Orange report points out that attacks are taking place at strategic points in the supply chain. It warns that larger enterprises are the most targeted entities, and points to a surge in attacks against the manufacturing sector.<\/p>\n

Ransomware, it seems, has become so prevalent that some of the more organized groups now host help desks<\/a> targets can contact for assistance \u2014 and to arrange payment and data recovery.<\/p>\n

Keep these findings in mind as you consider Apple\u2019s latest emergency security updates<\/a>. Released at the end of November, these address two zero-day vulnerabilities (CVE-2023-42916 and CVE-2023-42917) that have been exploited by hackers to access sensitive information on Apple devices and\/or to execute arbitrary code by using malicious webpages to take advantage of a memory corruption bug.<\/p>\n

Michael Covington, vice president of portfolio strategy at Jamf, explained:<\/p>\n

\u201cThese latest OS updates, which address bugs in Apple\u2019s WebKit<\/a>, show that attackers continue to focus on exploiting the framework that downloads and presents web-based content. The latest bugs could lead to both data leakage and arbitrary code execution and appear to be tied to targeted attacks that are common against high-risk users.\u201d<\/p>\n

It\u2019s quite natural that WebKit has become a prime attack target against Apple\u2019s devices.<\/p>\n

That\u2019s inevitable as the company at present won\u2019t support other browser engines<\/a>, meaning that even non-Apple browsers make use of WebKit. This might change as regulators seem insistent on forcing Apple to open up, though when it does, it will allow criminals to try multiple web engines and app stores to crack their way into Apple\u2019s devices. We\u2019ll see how that goes<\/a>.<\/p>\n

Security researchers, meanwhile, continue to kick WebKit around in their attempt to find vulnerabilities before the bad guys do, and hopefully get an Apple security bounty payment<\/a> for their trouble. But the fact that WebKit is such a popular attack vector should really inform every Apple user as to how they are being attacked \u2014 think dodgy web links in messages and emails, finely crafted phishing sites, and offers that are too good to be true on sites you don\u2019t entirely trust.<\/p>\n

Those are the vectors being used.<\/p>\n

In this environment, a relatively recent survey from Qualys is all the more frightening; it claimed over half the Macs in use today might\u00a0not yet have installed the latest security software upgrades<\/a>. That really has to change (and\u00a0Apple knows it<\/a>).<\/p>\n

At the same time, battle is joined.<\/p>\n

The industry is keenly aware\u00a0of the nature of the attacks<\/a>\u00a0taking place, but everyone can play their part. Update your devices swiftly.<\/p>\n

\u201cThough these patches validate that Apple devices are not immune to cyber threats, the patching process is helping to reduce the attack surface,\u201d said Covington.<\/p>\n

You don\u2019t want to be an easy target now, do you?\u00a0<\/p>\n

Patch today.<\/p>\n

Please follow me on\u00a0Mastodon<\/a>, or join me in the\u00a0AppleHolic\u2019s bar & grill<\/a>\u00a0and\u00a0<\/em>Apple<\/em>\u00a0Discussions<\/em><\/a>\u00a0groups on MeWe.<\/em><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

\n
\n

If nothing else, Apple\u2019s most recent emergency security update should be considered proof of an increasingly tense security environment.<\/p>\n

Enterprises must understand that while Apple maintains a pretty solid ecosystem \u2014 certainly at present the most secure, even according to Cisco<\/a>\u00a0\u2014 that doesn\u2019t mean it\u2019s entirely safe, and every Apple customer needs to get wise to the growing proliferation of threats.<\/p>\n

With more and more business users turning to the company\u2019s solutions<\/a>, it\u2019s important to get ahead of the threat.<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[2211,10480,10403,10554,714,24580],"class_list":["post-23502","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple","tag-ios","tag-macos","tag-mobile","tag-security","tag-small-and-medium-business"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23502","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=23502"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23502\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=23502"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=23502"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=23502"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}