Software

iOS Update Available – Version 7.0.4 is Here

This week, Apple has released a small but very important update to their popular mobile operating system – iOS 7.0.4. According to the details provided, by Apple, the update comes with several bug fixes and improvements, including a fix for an issue that causes FaceTime calls to fail in some cases.

But the latest iOS update also comes with an important security fix for CVE-2013-5193, a vulnerability allowing App and In-App purchases to be completed with insufficient authorization – meaning that the password prompt presented to a signed in user before making an App purchase could have been bypassed and the transaction completed without providing a password.

Why are updates so important?

This software update for iOS, just like many other software updates for any platform, shows once again the importance of updating. Updates don’t just fix innocent bugs, they don’t just improve the user’s experience. They do that, yes, but most of the times updates also fix security vulnerabilities which can be exploited in-the-wild.

How to update your iOS device?

The quickest way to update your iPhone, iPad or iPod touch is to do it directly from the device. Just make sure you have everything backed up before you proceed, that you are connected to a WiFi network and the device has enough power, then just go to Settings ‘ General ‘ Software Update. If an update is available, tap Download, then Install.

You can also update your device through iTunes, while it’s connected through a cable. For more details and tips, Apple has a complete step-by-step guide available here: http://support.apple.com/kb/HT4623

iOS Update Available – Version 7.0.4 is Here

Your email address will not be published. Required fields are marked *

 

Reports

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Lazarus covets COVID-19-related intelligence

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that the Lazarus group is going after intelligence that could help these efforts by attacking entities related to COVID-19 research.

Sunburst: connecting the dots in the DNS requests

We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.

Subscribe to our weekly e-mails

The hottest research right in your inbox