Update your Android now – many holes fixed including ‘BroadPwn’ Wi-Fi bug

Google’s July 2017 security fixes for Android are out. As far as we can see, there are 138 bugs listed, each with its own CVE number, of which 18 are listed with the tag “RCE”. RCE stands for Remote Code Execution, and denotes the sort of vulnerability that could be abused by a crook to run some sort of program sent in from outside – without any user interaction. Generally speaking, RCE bugs give outsiders a sneaky chance to trigger the sort of insecure behaviour that would usually either pop up an obvious “Are you sure?” warning, or be blocked outright by the operating system. In other words, RCEs can typically be used for so-called “drive-by” attacks, where just visiting a web page or looking at an email might leave...

Read more »

Update your iPhone to avoid being hacked over Wi-Fi

It’s only been five days since Apple’s last security update for iOS, when dozens of serious security vulnerabilities were patched. As we mentioned last week, the recent iOS 10.3 and macOS 10.12.4 updates included numerous fixes dealing with “arbitrary code execution with kernel privileges”. Any exploit that lets an external attacker tell the operating system kernel itself what to is a serious concern that ought to be patched as soon as possible – hesitation is not an option. After all, it’s the kernel that’s responsible for managing security in the rest of the system. Sophos Home Free home computer security software for all the family Learn More Take this analogy with pinch of salt, but an exploit that gives a remote attacker regular user access is like planting a spy...

Read more »