
Security Bits – 02 November 2018

Followups

Notable Security Updates

Notable News

  • A study by scientists from the University of Michigan and the University of Michigan C. S. Mott Children’s Hospital has found that the vast majority of the most popular free and paid games in the Google Play store aimed at young kids contain age-inappropriate ads, either because they are designed to confuse kids into clicking on things, or because they are for age-inappropriate things (Editorial by Bart: the study focused on the Play Store, and in general Apple’s pro-active vetting tends to reduce the amount of badness in the iOS store, but I still think parents would be wise to test-play all games for their young kids from any app store) — www.reuters.com/…
  • Another lock screen bypass has been found in the latest version of iOS. This one allows access to contacts (Editorial by Bart: like with other recent lock screen bypasses, this one is not catastrophic because it only allows inappropriate access to contacts, not to the entire device, but it’s yet another reason to make a pro-active, informed decision about what you allow on your lock screen. Please check the toggles under the Allow Access When Locked section in Settings > Face ID/Touch ID & Passcode) — nakedsecurity.sophos.com/…
  • Security researchers have found a new way to embed malware in Microsoft Word documents. The technique allows attackers to inject code that will get executed when the document is opened in Word, and will not trigger any security warnings before execution. The technique exploits Word’s support for embedding web videos into .docx documents. Microsoft’s response implies that they are not planning a fix any time soon (Editorial by Bart: yet another reason never to open an Office document received unexpectedly) — nakedsecurity.sophos.com/…
  • Bloomberg has highlighted a new trend in the mobile ad space – uninstall trackers. By using some clever tricks, app analytics platforms can figure out which users uninstalled which apps, and allow advertisers to ‘remarket’ to those users. This is likely to turn into the next privacy cat-and-mouse game — www.bloomberg.com/… & nakedsecurity.sophos.com/…
  • Apple have removed the list of all in-App purchases from both of their app stores — www.tekrevue.com/…
  • Google have improved both their pro-active account protections and their account recovery process. The only small downside is that in order to make these improvements possible, Google now require that JavaScript be enabled to log in to any Google service in a browser — nakedsecurity.sophos.com/…
  • 🇺🇸 The latest update to the DMCA rules makes it legal to circumvent DRM in order to repair a device — motherboard.vice.com/…
  • Apple Just Killed The ‘GrayKey’ iPhone Passcode Hack — www.forbes.com/…
  • Apple’s updated documentation reveals that as well as protecting encryption keys and facilitating secure boot, the T2 security chip also physically disconnects the microphone when a laptop’s lid is closed, making it impossible for any software, even if it gains full system-level privileges, to engage the microphone while the lid is closed — techcrunch.com/…

Suggested Reading

Palate Cleansers
