Loading ...thanks for your post.
Zero Hedge is one of my early AM reads, so I had already done the update, but I did so before reading the Reader Comments !
Ugh – talk about, screwed if you do, screwed if you don’t.
If we can’t trust the DHS – who can we trust?
(hmmm, the CDC; FBI; CIA; IRS; DOJ; SEC…. come to mind 🤔)
from Reader Comments: “If DHS advises you to do something, just do the opposite.”
DHS Warns Millions Of iPhone Users To Change Settings Over “Zero-Day Spyware” | ZeroHedge
———————————————————————————————————————————–
[snip] DHS Warns Millions Of iPhone Users To Change Settings Over “Zero-Day Spyware”
THURSDAY, FEB 16, 2023 – 07:32 AM
An agency within the Department of Homeland Security has warned owners of Apple products of a security vulnerability which affects iPhones, iPads and MacOS devices.
According to Apple, “an app may be able to execute arbitrary code with kernel privileges,” and that with another vulnerability, “processing maliciously crafted web content may lead to arbitrary code execution,” which the company says “may have been actively exploited.”
On February 14, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) issued a statement advising users and administrators to “to review the Apple security updates page for the following products and apply the necessary updates as soon as possible.”
Apple has responded to the vulnerability with updates for Safari 16.3.1, iOS 16.3.1 and iPadOS 16.3.1, and macOS 13.2.1.
“Just looking at a website, which ought to be harmless, or opening an app that relies on web-based content for any of its pages (for example its splash screen or its help system), could be enough to infect your device,” said security research firm Sophos, which described the flaws as a “zero-day spyware implant bug.”
“If you install Firefox (which has its own browser ‘engine’ called Gecko) or Edge (based on a underlying layer called Blink) on your Mac, those alternative browsers don’t use WebKit under the hood, and therefore won’t be vulnerable to WebKit bugs.”
Company spokesman Scott Radcliffe told Endgadget that it doesn’t have any more details on the exploits mentioned in the security updates……More via The Epoch Times: