With the release of its newest operating system just days away, this is not a convenient time for Microsoft to be dealing with security bugs. However, two thirds of all 1.5 billion PCs running Windows across the globe were recently left vulnerable by a security flaw found in nearly every version of Windows, including Windows 10 Insider Preview.
The flaw (MS15-078) lies within the Windows Adobe Type Manager Library and can be exploited by cybercriminals to hijack PCs and/or infect them with malware. Users can be attacked when they visit untrusted websites that contain malicious embedded OpenType fonts. Microsoft explains more about the threat in a security bulletin advisory:
“An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
“There are multiple ways an attacker could exploit this vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.”
The flaw has been classified as critical, which is Microsoft’s highest measured level of threat. Anyone running Windows Vista, Windows 7, Windows 8 and 8.1, Server 2008, Server 2012 or Windows RT is affected by the flaw. Microsoft’s online Security TechCenter includes a full list of affected software and additional vulnerability information.
Apple iPhone, iPad, and iPod users: Update your mobile operating system, iOS, now to patch a serious SSL encryption bug that leaves you wide open to a “man-in-the-middle” (MITM) attack, especially when you use unsecured WiFi, for example at a cafe, hotel, or airport, or even at home. The flaw is “as bad as you could imagine,” says one cryptography expert.
What is protected and what’s not
The 7.0.6 update is for all devices that can run iOS 7: iPhone (4 and later), iPod touch (5th generation) and iPad (2nd generation).
The iOS 6.1.6 update is for the iPhone 3GS and fourth-generation iPod touch.
ATTENTION: The bug still exists in Apple’s Mac OS X 10.9.1 desktop operating system and there is no patch for it at this time.
To update your iOS device through iTunes:
1. Plug the device into your computer
2. Open iTunes
3. Click the device name
4. Click the button that says, “Check for update”
The best protection is VPN
This security flaw allows a cybercrook to use an insecure WiFi connection to put a man electronically “in the middle” of the transactions you make on your iPhone or iPad to intercept data.
“The flaw is in SSL, and the easiest way to exploit that is via unsecure/public WiFi,” Ondřej Vlček, AVAST’s COO, told Apple users in San Francisco before the annual RSA conference begins. “avast! SecureLine VPN for iOS can protect against the Apple security bug.”
The MITM attack gives attackers access to the information you thought was secure, like credit card numbers. The best protection is to plug that hole with a VPN product.
How to get avast! SecureLine
avast! SecureLine VPN is available as a monthly or yearly subscription for iOS in the Apple App Store.