Apple has released two urgent security warnings for iOS, iPadOS and macOS in response to two new zero-day vulnerabilities.

The company believes both weaknesses – found in WebKit, the engine which underpins Safari, Apple device kernels, and many other apps – are being actively exploited by hackers.

A vulnerable device that accesses “maliciously crafted web content” would allow hackers to execute code, and even to “execute arbitrary code with kernel privileges” – essentially full access to the device.

Affected Software Versions Include:

• iOS prior to 15.6.1
• iPadOS prior to 15.6.1
• macOS Monterey 12 Prior to 12.5.1

Users are advised to check their OS version and update immediately. To do this, please navigate to:

• On iPhone or iPad: Settings > General > Software Update
• On Mac: Apple Menu > About this Mac > Software Update

For Apple Support and Expertise, please contact our team today.

July 14th: as Microsoft flag a ‘Critical’ Level-10 DNS vulnerability on Domain Name System (DNS) servers worldwide, Lineal engineers rush to patch the infrastructure of dozens of organisations overnight.

The Microsoft Security Response Center recently released details of CVE-2020-135, a ‘Critical Remote Code Execution’ weakness deemed ‘wormable’ (potentially spreading between devices automatically) affecting all Windows Server versions.

A grade of 10.0 is the highest possible severity level that can be assigned under the Common Vulnerability Scoring System Calculator. For comparison the WannaCry attack, which temporarily crippled the NHS in 2017, had a CVSS rating of 8.5.

Lineal staff use remote monitoring software to administer large numbers of client servers and devices, monitor hardware health and deploy patches more rapidly – and were quickly on the case overnight to patch the vulnerability as a special emergency.

Within 8 hours we’d patched a large number of DNS servers – applying both an initial fix and further scheduled updates.

DNS is a naming technology which translates the identities of computers, servers and other networked devices into the IP addresses used for connecting on private and public IT networks.

For this reason, DNS servers often have massive reach, and must be carefully protected to mitigate the risk of compromising an organisation’s technology on a huge scale – even across the globe.

Israeli IT security firm Checkpoint Software Technologies, who discovered the 17-year old hidden bug and reported it to Microsoft, argue ‘this is not just another vulnerability’ and risks handing an attacker ‘complete control of your IT’ if IT admins fail to address the issue urgently.

For IT expertise and support, please contact our team today.

If you have a DrayTek Vigor router not covered by a Lineal Support Agreement with us, please get in touch for guidance.