Your weekly digest of Mobile Security and Privacy News in under 9 minutes! Each digest will cover the past week of briefings so you can quickly catch up on all the important topics in mobile security and privacy.
If you have any topics you’d like me to cover in the future, just drop me a comment in the YouTube video.
Here’s links to the briefings covered in this weekly digest:
In late January, Apple released a security update for what most folks would consider an ancient version of iOS (iOS 12.5.7). It’s rare to see an update for an iOS version that’s 4 major versions old so anyone organization with older iOS devices should take note.
I routinely check out Apple’s security updates page to monitor for bugs that require quick mitigation. You can see the specific security contents for iOS 12.
Your weekly digest of Mobile Security and Privacy News in under 8 minutes (shoot, 17 mins this week, sorry)! Each digest will cover the past week of briefings so you can quickly catch up on all the important topics in mobile security and privacy.
If you have any topics you’d like me to cover in the future, just drop me a comment in the YouTube video.
Here’s links to the briefings covered in this weekly digest:
The Cybersecurity Research Center at Synopsys analyzed the Software Bill of Material (SBOM) for 10 populars Android sports and betting apps and released their findings earlier this month. Not surprisingly, many of the apps contained outdated and vulnerable open source components.
You should take a look at the report as it’s interesting and well written. But I’d like to focus in on two important points that they made.
Exploitable Whenever a developer is presented with evidence of a vulnerable dependency, I suspect on of the first questions that comes to mind is: ok, but is that code used and exploitable?
Sam Curry (Twitter | Homepage), a Web Application Security Researcher, and a small group of friends found a staggering number of serious vulnerabilities in the mobile and web apps of nearly 20 automotive companies. He provides a fairly detailed write up on his blog “Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More” and here’s a Twitter thread about Hyundai and Genesis mobile app with starting with:
The Department of Defense’s Inspector General released a management advisory on 9 Feb 2023 titled “The DoD’s Use of Mobile Applications” (version with highlights). The advisory determined that:
“DoD personnel are conducting official business on their DoD mobile devices using mobile applications in violation of Federal and DoD electronic messaging and records retention policies” “DoD personnel are downloading mobile applications to their DoD mobile devices that could pose operational and cybersecurity risks to DoD information and information systems.
The National Security Agency (NSA) maintains a list of NSA Cybersecurity Advisories & Guidance and recently released a list of Best Practices For Securing Your Home Network. These are certainly worth taking a look at and for folks worried about downloading a PDF from the NSA, I’ve listed the primary recommendations at the bottom of this blog.
While reviewing the document, though, I noticed a link to their Mobile Device Best Practices and wanted to pass that along as well.
Your weekly digest of Mobile Security and Privacy News in under 8 minutes! Each digest will cover the past week of briefings so you can quickly catch up on all the important topics in mobile security and privacy.
If you have any topics you’d like me to cover in the future, just drop me a comment in the YouTube video.
Here’s links to the briefings covered in this weekly digest:
On 14 Feb 2023, Scandinavian Airlines warned users to stop using their mobile app as they were under an active cyberattack and user’s may receive incorrect data, including other customer’s personal information including:
contact details previous and upcoming flights last four digits of the credit card number The incident was resolved several hours later but additional details are not available at this time. The last updated was posted in the Newsroom section of the SAS website on February 15, 2023 12:56.
Apple released an emergency update to iOS, iPadOS, macOS and Safari on 13 Feb 2023 to patch a security flaw in WebKit, a web browser engine developed by Apple which powers many apps in the Apple ecosystem and beyond. The Security update page was updated on 20 Feb 2023 to include information on additional security flaws patched in the software update.
If you haven’t updated your Apple devices yet, you should stop reading this article and upgrade immediately!