It’s a Good Day to Update All Your Devices
Hackers are targeting zero-day vulnerabilities across the board
Another day, another nag from your iPhone and Mac that an update is ready. And from Chrome. And for Microsoft, it’s patch Tuesday, so that’s another round of installs on your plate. As tempting as it may be to kick these down the road—why not just wait for iOS 15 in a few weeks?—you’ll want to go ahead and get these done.
Yes, this is standard advice; you should keep your software as up to date as possible as a matter of course. You could even turn on auto-updates for everything and skip the manual maintenance. But if you haven’t, today is an especially good day to be on top of it, because Apple, Google and Microsoft have all pushed security fixes in the past two days for vulnerabilities that hackers are actively exploiting. It’s a zero-day patching extravaganza, and you don’t want to ignore your invite.
The biggest headline-grabber of the bunch has been the exploit chain known as ForcedEntry. Reportedly tied to the notorious spyware broker NSO Group, the attack first came to light in August, when the University of Toronto’s Citizen Lab revealed that it had found evidence of “zero click” attacks, which require no interaction from the target to take hold, being deployed against human rights activists. Amnesty International found similar forensic traces of NSO Group malware in July.
Please select this link to read the complete article from WIRED.