Feedback & Followups

• Thanks to the iOS 17 & macOS Sonoma Betas we now know more about how password sharing in iCloud Keychain will work — www.macobserver.com/… (iOS) & appleinsider.com/… (macOS)
  • Everyone needs to have an iCloud account with iCloud keychain enabled
  • Everyone will need to be on the latest OSes
  • The creator of the group will invite others to join it via an invite link, and they’ll need to accept that invite to join the group

❗ Action Alerts

• Apple Updates All Active Operating Systems to Block Exploited Security Vulnerabilities — tidbits.com/…
  • This is a fix for the bugs in the exploit recently revealed by Kaspersky — nakedsecurity.sophos.com/…
• Patch Tuesday — no Zero-days this month, but still 4 critical patches from Microsoft — nakedsecurity.sophos.com/… & krebsonsecurity.com/…
• ASUS warns router customers: Patch now, or block all inbound requests — nakedsecurity.sophos.com/…

Worthy Warnings

• 🇨🇦 UPS is warning Canadian users that a bug in their online tracking tool was leaking phone numbers and that attackers are using these leaked numbers to actively target users with SMS-based phishing (Smishing) attacks that include correct recent shipment details — krebsonsecurity.com/…

Notable News

• The W3C has published the new Secure Payments Confirmation (SPC) specification as a Candidate Recommendation, a major milestone to becoming a standard. When implemented, this will allow browsers to use FIDO standards to cryptographically verify user consent to online card payments, closing off a commonly used avenue for fraud — [appleinsider.com/…](https://appleinsider.com/articles/23/06/15/a-new-web-standard-will-add-another-layer-of-security-to-online-payment-services-like-apple-pay & www.w3.org/…
• With its latest OS betas, Apple has started testing Passkeys for logging in to Apple websites — www.cultofmac.com/…
• Save and sign in with passkeys in your browser (beta) | 1Password support.1password.com/…

Interesting Insights

• 🎧 An interview with the person leading Passkey support in 1Password: The Changelog: Passkeys for a passwordless future — overcast.fm/…
• AI – the technology becomes ubiquitous, a vast tasker underclass is emerging — and not going anywhere. AI Is a Lot of Work — theverge.com/…

Palate Cleansers

• 🎧 Season 2 of the BBC World Service’s podcast on North Korea’s state hacking group is now fully released: The Lazarus Heist: Season 2 Episode 1 – Jackpotting — overcast.fm/…

Legend

When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by Bart.

Emoji	Meaning
🎧	A link to audio content, probably a podcast.
❗	A call to action.
flag	The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country.
📊	A link to graphical content, probably a chart, graph, or diagram.
🧯	A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂
💵	A link to an article behind a paywall.
📌	A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future.
🎩	A tip of the hat to thank a member of the community for bringing the story to our attention.