S3 Ep145: Bugs With Impressive Names!

By: Paul Ducklin — July 27^th 2023 at 16:47

Fascinating fun (with a serious and educational side) - listen now! Full transcript available inside.

Naked Security

Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day

By: Paul Ducklin — July 24^th 2023 at 23:18

Another month, another patch for in-the-wild iPhone malware (and a whole lot more).

Naked Security

Apple silently pulls its latest zero-day update – what now?

By: Paul Ducklin — July 11^th 2023 at 15:21

Previously, we said "do it today", but now we're forced back on: "Do not delay; do it as soon as Apple and your device will let you."

Naked Security

Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs

By: Paul Ducklin — July 10^th 2023 at 23:12

Don't delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.

Naked Security

S3 Ep141: What was Steve Jobs’s first job?

By: Paul Ducklin — June 29^th 2023 at 16:58

Latest episode - listen now! (Full transcript inside.)

Naked Security

Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!

By: Paul Ducklin — June 22^nd 2023 at 00:36

Apple didn't use the words "Triangulation Trojan", but you probably will.

Naked Security

Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!

By: Paul Ducklin — May 19^th 2023 at 01:02

All Apple users have zero-days that need patching, though some have more zero-days than others.

Naked Security

S3 Ep133: Apple takes “tight-lipped” to a whole new level

By: Paul Ducklin — May 4^th 2023 at 20:59

Entertaining, educational, and all in plain English 🎧📖

Naked Security

Tracked by hidden tags? Apple and Google unite to propose safety and security standards…

By: Paul Ducklin — May 3^rd 2023 at 19:58

To bleat, or not to bleat, that is the question.

Naked Security

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

By: Paul Ducklin — May 1^st 2023 at 20:46

Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...

Naked Security

Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram

By: Paul Ducklin — April 30^th 2023 at 01:23

These malware peddlers are specifically going after Mac users. The hint's in the name: "Atomic macOS Stealer", or AMOS for short.

Naked Security

S3 Ep131: Can you really have fun with FORTRAN?

By: Paul Ducklin — April 20^th 2023 at 17:55

Loop-the-loop in this week's episode. Entertaining, educational and all in plain English. Transcript inside.

Naked Security

FBI and FCC warn about “Juicejacking” – but just how useful is their advice?

By: Paul Ducklin — April 17^th 2023 at 14:17

USB charging stations - can you trust them? What are the real risks, and how can you keep your data safe on the road?

Naked Security

S3 Ep130: Open the garage bay doors, HAL [Audio + Text]

By: Paul Ducklin — April 13^th 2023 at 16:54

I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!

Naked Security

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

By: Paul Ducklin — April 10^th 2023 at 20:20

That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!

Naked Security

Apple issues emergency patches for spyware-style 0-day exploits – update now!

By: Paul Ducklin — April 8^th 2023 at 01:20

A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.

Naked Security

S3 Ep128: So you want to be a cybercriminal? [Audio + Text]

By: Paul Ducklin — March 30^th 2023 at 14:43

Latest episode - listen now!

Naked Security

Apple patches everything, including a zero-day fix for iOS 15 users

By: Paul Ducklin — March 28^th 2023 at 00:23

Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.

Naked Security

S3 Ep124: When so-called security apps go rogue [Audio + Text]

By: Paul Ducklin — March 2^nd 2023 at 15:40

Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!

s3-ep124-auth--1200

Naked Security

S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]

By: Paul Ducklin — February 16^th 2023 at 17:46

Latest episode - listen now! (Full transcript inside.)

Naked Security

Apple fixes zero-day spyware implant bug – patch now!

By: Paul Ducklin — February 14^th 2023 at 13:08

Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet!

Naked Security

S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]

By: Paul Ducklin — January 26^th 2023 at 15:57

Lastest episode - listen now! (Or read the transcript.)

Naked Security

Apple patches are out – old iPhones get an old zero-day fix at last!

By: Paul Ducklin — January 24^th 2023 at 01:24

Don't delay, especially if you're still running an iOS 12 device... please do it today!

Naked Security

Microsoft dishes the dirt on Apple’s “Achilles heel” shortly after fixing similar Windows bug

By: Paul Ducklin — December 20^th 2022 at 17:59

It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.

Naked Security

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

By: Paul Ducklin — December 15^th 2022 at 17:10

Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!

Naked Security

Apple patches everything, finally reveals mystery of iOS 16.1.2

By: Paul Ducklin — December 14^th 2022 at 02:11

There's an update for everything this time, not just for iOS.

Naked Security

S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]

By: Paul Ducklin — December 9^th 2022 at 16:46

Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.

Naked Security

Apple pushes out iOS security update that’s more tight-lipped than ever

By: Paul Ducklin — December 2^nd 2022 at 21:02

We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good...

Naked Security

S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]

By: Paul Ducklin — November 17^th 2022 at 17:52

Latest episode - listen now! Cybersecurity news plus loads of great advice...

Naked Security

Emergency code execution patch from Apple – but not an 0-day

By: Paul Ducklin — November 10^th 2022 at 01:49

Not a zero-day, but important enough for a quick-fire patch to one system library...

Naked Security

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

By: Paul Ducklin — November 3^rd 2022 at 17:51

Listen now - latest episode - audio plus full transcript

Naked Security

Updates to Apple’s zero-day update story – iPhone and iPad users read this!

By: Paul Ducklin — October 28^th 2022 at 12:04

Turns out that Tuesday's zero-day for iOS 16 is Friday's zero-day for iOS 15...

Naked Security

Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!

By: Paul Ducklin — October 25^th 2022 at 18:03

Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...

Naked Security

S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]

By: Paul Ducklin — October 13^th 2022 at 16:37

Have your say on three deep questions posed by this week's podcast. Read or listen as suits you best...

Naked Security

Mystery iPhone update patches against iOS 16 mail crash-attack

By: Paul Ducklin — October 11^th 2022 at 00:28

The problem with crashy messaging apps is that *other people* get to choose if and when to send you messages...

Naked Security

Apple patches zero-day holes – even in the brand new iOS 16

By: Paul Ducklin — September 12^th 2022 at 21:25

Five updates, one upgrade, plus two zero-days. Patch your Macs, iPhones and iPads as soon as you can (again)...

apple-plus-16-1200

Naked Security

URGENT! Apple slips out zero-day update for older iPhones and iPads

By: Paul Ducklin — August 31^st 2022 at 18:42

Patch as soon as you can - that recent WebKit zero-day affecting new iPhones and iPads is apparently being used against older models, too.

Naked Security

S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]

By: Paul Ducklin — August 25^th 2022 at 15:37

Latest episode - listen now! (Or read the transcript if you prefer the text version.)

Naked Security

Apple patches double zero-day in browser and kernel – update now!

By: Paul Ducklin — August 17^th 2022 at 23:33

Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!

Naked Security

S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]

By: Paul Ducklin — July 28^th 2022 at 15:47

Latest episode - listen now!

Naked Security

Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge

By: Paul Ducklin — July 21^st 2022 at 12:38

One vendor's zero-day is another vendor's routine patch...

Naked Security

S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]

By: Paul Ducklin — June 16^th 2022 at 16:52

Lastest epsiode - listen now!

Naked Security

S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]

By: Paul Ducklin — May 19^th 2022 at 13:56

Latest episode - listen now!

Naked Security

Apple patches zero-day kernel hole and much more – update now!

By: Paul Ducklin — May 17^th 2022 at 09:30

You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.

Naked Security

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

By: Paul Ducklin — April 7^th 2022 at 12:24

Latest episode - listen now! Cybersecurity news and advice in plain English.

Naked Security

Apple pushes out two emergency 0-day updates – get ’em now!

By: Paul Ducklin — March 31^st 2022 at 23:38

More Apple zero-days - mobile devices, laptops and desktops affected. Update now!

apple-1200

Naked Security

S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]

By: Paul Ducklin — March 17^th 2022 at 13:32

Latest episode - listen now!

Naked Security

Beware bogus Betas – cryptocoin scammers abuse Apple’s TestFlight system

By: Paul Ducklin — March 16^th 2022 at 15:49

"Install this moneymaking app" - this one is so special that it isn't available on Google Play or the App Store!

Naked Security

Apple patches 87 security holes – from iPhones and Macs to Windows

By: Paul Ducklin — March 15^th 2022 at 16:36

Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.

apple-1200

Naked Security

S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]

By: Paul Ducklin — March 3^rd 2022 at 14:04

Latest episode - listen now (or read it, if that's your preference)...

Naked Security

Apple AirTag anti-stalking protection bypassed by researchers

By: Paul Ducklin — February 23^rd 2022 at 17:59

Problems with Apple's Tracker Detect system, which warns you of likely stalking attempts using hidden AirTags.

Naked Security

S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]

By: Paul Ducklin — February 17^th 2022 at 17:12

Latest episode - listen and learn!

Naked Security

Apple zero-day drama for Macs, iPhones and iPads – patch now!

By: Paul Ducklin — February 11^th 2022 at 14:25

Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...

apple-1200

Naked Security

S3 Ep68: Bugs, scams, privacy …and fonts?! [Podcast + Transcript]

By: Paul Ducklin — February 3^rd 2022 at 16:20

Latest episode - listen now!

Naked Security

Apple fixes Safari data leak (and patches a zero-day!) – update now

By: Paul Ducklin — January 27^th 2022 at 21:09

That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.

apple-1200

Naked Security

S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]

By: Paul Ducklin — January 20^th 2022 at 17:28

Latest epsiode - listen now!

Naked Security

Serious Security: Apple Safari leaks private data via database API – what you need to know

By: Paul Ducklin — January 18^th 2022 at 17:23

There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsing

Naked Security

S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]

By: Paul Ducklin — January 6^th 2022 at 13:44

We're back for 2022 - listen now!

Naked Security

Apple Home software bug could lock you out of your iPhone

By: Paul Ducklin — January 4^th 2022 at 17:23

The finder of this bug insists it "poses a serious risk". We're not so sure, but we recommend you take steps to avoid it anyway.

Naked Security

S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]

By: Paul Ducklin — December 16^th 2021 at 17:41

Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)