22: Rotten to the Core?
First up in this week’s episode is news that, as part of its ‘notarization’ process, Apple approved code used by Shlayer, the most common threat faced by Macs last year. Is it reasonable to expect Apple – or any app store – to keep their entire ecosystem squeaky clean at all times, or is it up to the user to always be sceptical about what they’re downloading?
Next up, another perfect 10 vulnerability. This one, Zerologon, was (luckily) patched back in August, but had the potential for eye-watering consequences. Considering the details of the vulnerability were not made public at the time, users and admins never knew how severe it really was – until now. Thanks to Kev, we get to see it in all its glory. Oh and by the way, we have a lab on this vulnerability, so if you’re a user, log on to check it out. And if you’re not a user…well, maybe you should be.
APT 41 makes an appearance next as five alleged Chinese citizens have been accused of hacking over 100 companies. Paul borders on seriously ranty territory (nothing new here) and Kev sheds some light on the ridiculous Zone-H.
And finally, our ever-popular ‘Hackers could…’ feature covers everything from the fairly noteworthy to the downright groan-inducing. Do people *really* still share photos of their shiny new credit cards?
***
Apple vs Shlayer:
https://arstechnica.com/information-technology/2020/09/mac-malware-gets-apples-seal-of-approval-thanks-to-notarization-goof/
Zerologon:
https://www.zdnet.com/article/zerologon-attack-lets-hackers-take-over-enterprise-networks/
APT 41:
https://techcrunch.com/2020/09/16/justice-department-charges-apt41-chinese-hackers/