Tag Archives: Apple TV

Make Sure to Update Your Apple Devices

If you follow my weekly security video, WatchGuard Security Week in Review, you probably already know that Apple released both an OS X and Safari security update last week. Hopefully, you’ve already applied those two updates, but if not I highly recommend you do so immediately. Among other things, the OS X update includes a Java related security fix. Lately, cyber criminals have really targeted Java in attacks against both Macs and PCs, so it’s important you apply all Java related updates as quickly as you can.

This week, Apple also released iOS and Apple TV security updates. These updates fix a number of security issues in these popular products. High on the list of fixed issues was a very highly publicized lock screen bypass flaw in iOS, which an attacker could exploit to gain access to the data on your phone when lost or stolen. iOS 6.1.3 fixes that particular lock screen issues, and a few other vulnerabilities. However, later in the week news emerged of another lockscreen flaw that affects iPhone 4s. So it looks like Apple will have some more lock screen related updates in their future.

In any case, if you use Apple devices, you’re probably affected by at least one of these issues. So I recommend you go get the corresponding updates, or let Apple’s automatic update mechanisms do their job. — Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 9

Lots of Software Updates, a Few Breaches, and One Anonymous Story

Missed this week’s security news? No problem. WatchGuard’s Security Week in Review video will fill you in. This week I talk about all the Microsoft Patch Day updates, a few significant network attacks, and a booby-trapped Anonymous Linux distribution. Watch below to learn more.

By the way, in the video I talk about a serious Windows RDP flaw, and the rumor that someone had released a  public exploit targeting this flaw. This morning, right after I produced this week’s video, I learned that the exploit has indeed gone public. So far, the researcher has only released a “proof-of-concept” exploit, which will crash the RDP service. No one has released a “weaponized” exploit yet. However, with this code available it’s only a matter of time. While I’ve said this quite a few times this week, I highly suggest you apply Microsoft’s RDP patch now!

As always, I include an Episode Reference guide below, where you can read more about each of these stories. As an aside, thanks for your comments and suggestions last week – keep them coming. I have noted that many people would like a shorter intro to the video. I wasn’t able to change it this week, but I will soon. (Video Runtime: 7:46)

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 8

Anonymous Arrests, Security Updates, and Pwn2Own

Another busy security week, another quick video summary. WatchGuard’s Security Week in Review is now up for your viewing pleasure. In this episode, I talk about LulzSec informants, Anonymous arrests, various software security updates, and a popular web browser hacking competition. It turned out to be quite a drama filled week for security, so check out the video below to learn more.

As always, I include an Episode Reference guide below, where you can read more about each of these stories.

Also, I’m looking for your feedback. I’d like to get more people to watch our weekly security podcast. Over the last few weeks, I’ve posted each episode around Friday afternoon, Pacific Standard Time. However, I realize many of you may be leaving for the weekend at this time. So I’d like to ask, when is the best time for you to receive “week in review” subject matter? Should I post our episodes earlier, which may risk missing a few stories from the end of the week? Or would you prefer I post it first thing Monday, so you can learn what happened the week before. If you have an opinion on the matter, let me know in the comments section of this post. (Video Runtime: 8:37)

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

Apple iOS, iTunes, and TV Security Updates

As I’m sure most Apple lovers are aware, Apple announced the new iPad this week (which they literally just call the “new iPad’).

While the new iPad has nothing directly to do with security, it does deliver a new version of iOS, which fixes 81 security vulnerabilities in the popular mobile operating system. If you own an iPad, iPhone, or iPod you’ll certainly want to grab iOS 5.1 to get these security fixes (assuming your generation “iDevice” can run it).

On top of the new iOS release, Apple also released security updates for iTunes and Apple TV. Below I list all of Apple’s recent security advisories:

If you use any of the affected Apple products, you should follow the links above to learn more about the flaws these updates fix. You can also download all the relevant updates from Apple’s Downloads page, or let Apple’s automatic update software do it for you.

Finally, if you are one of the many people who plan to run out and buy a new iPad, and you plan to use it at work, you should do two things. First, definitely find out what your organization’s policies are on personal mobile devices. Second, spend some time thinking about and researching mobile device security. You can get a quick start on some iPad security tips from these two articles [ 1 / 2 ]. — Corey Nachreiner, CISSP (@SecAdept)

Apple Releases a Pile of Security Updates in October

If you use Apple products, you’ll be busy updating this month. Today, Apple released a bunch of security advisories (on their Security Update page), informing customers of updates for many of their products. Here’s a list of security advisories for all the updated products:

If you use any of the affected Apple products, you should follow the links above to learn more about the flaws these updates fix. You can also download all the relevant updates from Apple’s Downloads page, or let Apple’s automatic update software do it for you.

We’ll release a more complete alert on Apple’s OS X update in awhile. Meanwhile, you can get a head start on the OS X update, and all the others, by visiting the links above. — Corey Nachreiner, CISSP (@SecAdept)


Follow

Get every new post delivered to your Inbox.

Join 7,384 other followers

%d bloggers like this: