Silent Mac update nukes dangerous webserver installed by Zoom

Apple said it has pushed a silent macOS update that removes the undocumented webserver that was installed by the Zoom conferencing app for Mac.

The webserver accepts connections from any device connected to the same local network, a security researcher disclosed on Monday. The server continues to run even when a Mac user uninstalls Zoom. The researcher showed how the webserver can be abused by people on the same network to force Macs to reinstall the conferencing app. Zoom issued an emergency patch on Tuesday in response to blistering criticism from security researchers and end users.

Apple on Wednesday issued an update of its own, a company representative speaking on background told Ars. The update ensures the webserver is removed—even if users have uninstalled Zoom or haven’t installed Tuesday’s update. Apple delivered the silent update automatically, meaning there was no notification or action

Pixel 3 and 3a Update Improves “OK Google,” Music Detection, and Titan M Module Performance

This month’s Android security update included a list of functional patches for Pixel devices as it almost always does. These are the fixes or improvements to Android that Google adds alongside the security stuff for its own phones.

For July, Pixel 2, Pixel 3, and Pixel 3a owners (along with their XL variants) can all expect to find improved “OK Google” and music detection. That should mean quicker pick-ups when asking for Google Assistant and faster recognition of music that you’ve asked for help identifying. Google doesn’t say, but that must be improving the sensitivity of the microphones of each? Either way, you love to see it.

Google also says that the Pixel 3 and 3a lines received performance improvements to their Titan M modules, though they didn’t say what exactly that means. We know that Titan M is a dedicated chip that helps with on-device encryption, securing bootloaders, protecting …

July 2019 Android Security Update Now Available for Pixel Devices

A new month has arrived, bringing with it a new Android security patch for Google Pixel phones. The July 2019 Android security update is now available for all of Google’s currently supported Pixel devices (Pixel 3a, Pixel 3, Pixel 2, and Pixel). Both factory images and OTA files can be grabbed if you don’t feel like waiting for Google to push the update to your device.

Currently, we are seeing new 9.0.0 files for Pixel 3a and Pixel 3a XL (PQ3B.190705.003), Pixel 3 and Pixel 3 XL (PQ3A.190705.003), Pixel 2 and Pixel 2 XL (PQ3A.190705.001), and Pixel and Pixel XL (PQ3A.190705.001).

The Pixel C has either been cut off after all these years or Google just hasn’t posted a new 8.1.0 image. If they do, we’ll let you know.

You will find each image or OTA file at the links below. For instructions on how to flash a factory image, …

Microsoft OneDrive gets a more secure Personal Vault, plus additional storage options

Microsoft is launching a new layer of security for users of its OneDrive cloud storage service. OneDrive Personal Vault is a new section of your storage that’s accessed through two-step verification, or a “strong authentication method,” although Microsoft didn’t define the latter term.

Microsoft notes that fingerprinting, face scans, PINs, and one-time codes by email, SMS, or an authenticator app are among the acceptable two-step verification methods. And you’ll automatically get de-authenticated after a period of inactivity—that’s the key to Microsoft’s special security argument here. Two-factor authentication using text or email is less secure than other options. Using the more heavy-duty face or fingerprint verification will require the appropriate hardware, such as a device with Windows Hello.

It also has options for transferring physical documents to the OneDrive mobile app. You can scan documents or take

It’s Still June, But Some Pixel Owners Just Got July’s Android Update

The July Android security patch showed up on a handful of Pixel 3a devices this morning, even though we are still in the month of June. Google screwed up in who they allowed to have the update, as the update page clearly states that this build is “CONFIDENTIAL INTERNAL ONLY.”

The Googlers-only update contains the July 5 patch level, weighs in at 79.8MB, and is build PQ3B.190705.003. The list of changes on its description only mentions that “critical bugfixes” are included, along with the monthly security patches.

What else is new? We won’t know unless one of the lucky redditors who got the update finds something. Otherwise, we’ll just assume it’s a regular old monthly patch. Still, let’s tighten it up over there, eh, Google?

// reddit [2] | 9to5Google

The clever cryptography behind Apple’s “Find My” feature

When Apple executive Craig Federighi described a new location-tracking feature for Apple devices at the company’s Worldwide Developer Conference keynote on Monday, it sounded—to the sufficiently paranoid, at least—like both a physical security innovation and a potential privacy disaster. But while security experts immediately wondered whether Find My would also offer a new opportunity to track unwitting users, Apple says it built the feature on a unique encryption system carefully designed to prevent exactly that sort of tracking—even by Apple itself.

In upcoming versions of iOS and macOS, the new Find My feature will broadcast Bluetooth signals from Apple devices even when they’re offline, allowing nearby Apple devices to relay their location to the cloud. That should help you locate your stolen laptop even when it’s sleeping in a thief’s bag. And it turns out

June 2019 Android Security Update Goes Live for Pixel Devices

A fresh month of June kicked off over the weekend, so that means Google was preparing to release the June 2019 Android security patch for Pixel devices. They have now done just that and we already have both factory image and OTA files ready to be downloaded for those willing to do some manual labor, or as always, you can sit back and wait for the update to arrive over-the-air (OTA) to your device. We’ve got our first Pixel 3a updates too!

So far, we are seeing new 9.0.0 files for Pixel 3 and Pixel 3 XL (PQ3A.190605.004.A1), Pixel 2 and Pixel 2 XL (PQ3A.190605.003), and Pixel and Pixel XL (PQ3A.190605.003). The Pixel 3a and Pixel 3a XL’s first update arrives as build PQ3B.190605.006. The Pixel C picked up a new 8.1.0 build as version OPM8.190605.003.

Functional Patches

References Category Improvements Devices
A-124279741 Bootloader Fixes an issue causing some devices
Windows 10 May 2019 Update now rolling out to everyone… slowly

To avoid a replay of the problems faced by the Windows 10 October 2018 Update, version 1809, Microsoft has taken a very measured approach to the release of the May 2019 Update, version 1903, with both a long spell as release candidate and a much less aggressive rollout to Windows Update.

That rollout starts today. While you previously needed to be in the Insider Program (or have a source such as an MSDN subscription) to download and install version 1903, it’s now open to everyone through Windows Update.

However, Windows users are unlikely to see the update automatically installed for many months. Initially, only those who explicitly visit Windows Update and click “Check for Updates” will be offered version 1903, and even then, they’ll have to explicitly choose to download and install the update. This is part of Microsoft’s attempt to make

33 Linksys router models leak full historic record of every device ever connected

More than 20,000 Linksys wireless routers are regularly leaking full historic records of every device that has ever connected to them, including devices’ unique identifiers, names, and the operating systems they use. The data can be used by snoops or hackers in either targeted or opportunistic attacks.

Independent researcher Troy Mursch said the leak is the result of a persistent flaw in almost three dozen models of Linksys routers. It took about 25 minutes for the Binary Edge search engine of Internet-connected devices to find 21,401 vulnerable devices on Friday. A scan earlier in the week found 25,617. They were leaking a total of 756,565 unique MAC addresses. Exploiting the flaw requires only a few lines of code that harvest every MAC address, device name, and operating system that has ever connected to each of them.

The flaw allows snoops or hackers to

You Probably Need to Replace Your Google Bluetooth Titan Security

If you own one of Google’s Titan Security Keys, there’s a chance that you need to get it replaced. Specifically, the Bluetooth dongle from the original Titan Security Key has a known vulnerability. Google has been made aware of it and is offering to replace yours for free if affected.

The “bug,” as Google refers to it, is a misconfiguration that leaves open the possibility for an attacker to align a series of events in order to gain control of your Bluetooth key and then access your account. The chances of everything aligning might be slim, but there is still a chance. For more details on how exactly that’ll work, hit up the source link at the bottom of this post.

Titan Security Key Replacement

How do you know if you need a replacement? See the image above? If your Bluetooth Titan Security key has a “T1” or a “T2” on the bottom …