قالب وردپرس درنا توس
Home / Mac / Critical Out-of-Band Adobe Security Updates! And ongoing minor Mac concerns …

Critical Out-of-Band Adobe Security Updates! And ongoing minor Mac concerns …



Adobe has just announced critical updates for Adobe Acrobat and Reader and Adobe Photoshop CC. The announcement is linked and summarized below:

APSB1

8-09: Security Update Available for Adobe Acrobat and Reader

Originally published: May 14, 2018

Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical security issues, and successful exploitation can lead to the execution of arbitrary code in conjunction with the current user. Adobe recommends that customers use the appropriate update using the instructions provided in the "Solution" section of the security bulletin.

Priority Rating: Adobe categorizes this update as priority 1.


APSB18-17: Security Updates Available for Adobe Photoshop CC

Originally Posted: May 14, 2018

Summary: Adobe has released updates for Photoshop CC for Windows and MacOS. These updates resolve a critical vulnerability in Photoshop CC 19.1.3 and earlier 19.x versions, as well as 18.1.3 and earlier 18.x versions. Successful exploitation can lead to arbitrary code execution in connection with the current user. Adobe recommends that customers use the appropriate update using the instructions provided in the "Solution" section of the security bulletin.



Priority Assessment: Adobe categorizes these updates as priority 3.

The new updated versions are:

• Acrobat DC and Acrobat Reader DC v ] 2018.011.20040
• Acrobat 2017 and Acrobat Reader DC 2017 v 2017.011.30080
Acrobat DC (Classic 2015) and Acrobat Reader DC (Classic 2015) v 2015.006.30418

[PhotoshopCC2017v 18.1.4


[PhotoshopCC2018v
19.1.4

Update IMMEDIELT. Utility has not been reported by Adobe to be out in nature. But the Acrobat patches are top priority and abundant.

It was also the usual monthly security update of awful Adobe Flas h on "Patch Tuesday", the second Tuesday of the month. Several other security updates were released as well. The list of Adobe's latest updates for security update can always be found here:


https://helpx.adobe.com/security.html


– – – –




What else is up?


] There are not many Mac security issues at the moment. In the meantime, I strongly recommend that everyone get and use the free Malwarebytes Anti-Malware application, run and keep it updated. My colleague Thomas Reed has done a good job so that it can find all current adware and PUPs (potentially unwanted programs) as well as the few active Mac malware.


Up and down is Thomas Reeds Malwarebytes for iOS ] when Thomas is now responsible for mobile security and Mac Security on Malwarebytes. The free version of the app will help iOS device users with ad blocking and text message filtering. The Premier version will help protect users from malicious mobile phone calls and malicious websites. The app is currently in beta.


There are no active malware of iOS these days. Then, Apple has removed and banned all apps that scan for iOS malware. Meanwhile, Apple has identified and removed more apps that monitor users from the App Store. They are in violation of Apple's IOS programming rules. It is worrying that these apps were initially approved and allowed to run on user devices. Fortunately, Apple has detected the audit and removed the problem.


The biggest security gap in the entire Mac and iOS security system stays the same as last year: Rogue developers who paid for Apple Security Certificates used these certificates for malicious software. The consequences of this vulnerability in Apple's certification system appear all over the world from time to time. I wish these false certificates were an impossibility. However, Apple's only solution for now extracting these certificates, which makes the malicious programs substantially inert. Stolen certificate from corporate developers is still a problem. But Apple seems to have taken better control of those I have not heard of any corporate certificates that were used on malware in 2018. Let's hope it stays that way.


Specter & Meltdown




The great concern for each Intel and AMD CPU The user is the ever evolving and working disaster for security vulnerability Specter (speculative execution). Apple, as well as other computer manufacturers, have responded as well as they can in coordination with Intel and AMD. But the Specter problems are deep and have no complete solution in sight. Fortunately, utilization of Specter is relatively difficult, and no major utilization has been reported out in nature. When this disaster unfolds, be sure to stay up to date with Apple Security Updates.


Related concerns have been Meltdown vulnerabilities in Intel, AMD, ARM (Apple A Series) and IBM Power CPUs. Meltdown has been easier to reduce and has not become a problem on Macs. Just make sure you're up to date with Apple Security Updates. Apple has provided a document about Specter and Meltdown and its limitations here:


About speculative execution vulnerabilities in ARM-based and Intel CPUs [19659022] iMore Have you provided more information here:


Questions and Answers: Meltdown and Specter: Which Mac and IOS Users Need to Know About Intel, AMD and ARM Errors


Rowhammer

Continuing and evolving is the exploitation of the DRAM Rowhammer phenomenon. It affects all DDR3 and DDR4 SDRAM. It affects all modern Macs. There is no solution for this problem. The phenomenon is a product of the ever-shrinking and later spatial intimate physical components of RAM chips. Some attempts to use software fights have been tried and more are coming. But the problem is not resolved. Fortunately, there have been no active utilities on Mac or iOS hardware. If an exploitation is reported, I will submit.


Newly discovered is a method of utilizing Rowhammer using GPU memory chips on Android devices. The exploitation is called GLitch and may be triggered by malicious JavaScript embedded in web pages. So far, there has been no similar utilization detected for iOS devices.


APFS: Not Ready for Prime Time

In March, there was concern about a serious programming error found in Apple's yet unfinished APFS file system that could be exploited on devices running MacOS 10.13 and 10.13.1 High Sierra. The error allowed a single command in the OS terminal to reveal administrative password for an APFS encrypted Mac device. The exploitation command can be adopted either by direct physical access to the Mac or through malicious code on a web page. Macs running macOS 10.13.2 and above have been patched against this security file. More about this situation can be found here:


Apple macOS Error reveals password for APFS encrypted volumes in Plaintext

It should be noted that you will not find the password in plain text when you convert a non-APFS drive to APFS and

My advice regarding APFS The New Apple File System stays the same: Do not use it.


Source link