A friend sent this to me this morning, during the night the software update was issued so I had already installed…BUT…
Note how this vulnerability comes about…. A CAPTIVE PORTAL…. Hotels and Airports (often coffee shops, bookstores, libraries, etc etc.) are so open to skilled hackers, their sites can be compromised & expose all their guest devices…bummer. This is why when I travel I use my own Mi-Fi’s rather than the establishment's…so many horror stories that I wanted to stay away from potential sources of pain. For those of us in this area….hold on, Armageddon cometh…so say the Meteorologist…. John Why Apple users should update their iOS right now http://www.marketwatch.com/story/why-apple-users-should-update-their-ios-right-now-2016-01-20 <http://www.marketwatch.com/story/why-apple-users-should-update-their-ios-right-now-2016-01-20> (via Instapaper <http://www.instapaper.com/>) Security researchers discovered a vulnerability that could have allowed attackers to steal cookies when users logged onto websites. Apple AAPL, +0.13% <http://www.marketwatch.com/investing/stock/aapl?mod=MW_story_quote> released an update to iPhone, iPad and iPod operating systems Tuesday that patches a security hole through which hackers could steal data to impersonate users on websites they logged into. Apple’s iOS 9.2.1 update <https://support.apple.com/en-us/HT205732> applies to iPhone 4s and later models, the fifth generation iPod Touch and later, and the iPad 2 and later. The tech giant credited researchers from the Palo Alto, Calif.-based mobile security company Skycure with discovering the flaw. Adi Sharabani, chief executive of Skycure, says by stealing users’ cookies, an attacker would be able to later log onto <https://www.skycure.com/blog/shared-cookie-stores-bug-fixed-in-ios-9-2-1/> the websites a user visited. He says an attacker could exploit the flaw if a user connected to malicious public Wi-Fi using something called a captive portal -- the window that pops up and requests a username and password to log on, commonly used by hotels and airports. The attacker could also infect a device with malicious code and capture a user’s keystrokes to record information such as passwords, credit card or other information.
_______________________________________________ MacGroup mailing list Posting address: [email protected] Archive: <http://www.mail-archive.com/[email protected]/> Answers to questions: <http://erdos.math.louisville.edu/macgroup/>
