
Tech Matters: Two big security updates for this week

By Leslie Meredith - Special to the Standard-Examiner | Aug 24, 2022


You know it’s important to keep your systems, software and apps up to date, but this week’s updates are critical for your online security. The first is for Apple devices and the second for the Chrome browser, which taken together affect millions of users. So what happened?

Starting with Apple, the company issued a flurry of four security advisories last week, urging device owners to update the associated operating systems immediately. Usually the warnings consumers receive are about newly identified vulnerabilities that haven’t yet been exploited — the possibility for an attack is present, but it hasn’t been picked up yet. However, Apple’s alerts said that the vulnerability “may have been actively exploited,” which means you should update your Apple products now.

Specifically, at-risk devices include iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, iPod touch (7th generation), Apple Watch Series 3 and computers running macOS Monterey, Big Sur and Catalina. Check for an update and install it manually if it hasn’t already been automatically updated.

There aren’t many details about the possible exploit or other potential exploits, but Apple said the vulnerabilities give hackers the ability to take control of a device’s operating system to “execute arbitrary code” and potentially infiltrate devices through “maliciously crafted web content.” Apple doesn’t disclose, discuss or confirm security issues until it has conducted an investigation and patches or releases are generally available. A list of security updates is posted at https://support.apple.com/en-us/HT201222.

Apple takes a prudent approach to its security issues because fraudulent alerts are a well-documented scam. Apple does not send out pop-up messages. If you get one, don’t click or tap on it (even to seemingly close the pop-up window) or call a number listed in it. Interacting with the pop-up will inevitably lead you to an infected website, while calling will connect you with an AI-generated call service representative or a real person who will try to get your credit card details and possibly other sensitive information.

Instead, close the browser and disconnect from the internet by turning off Wi-Fi and cellular. If you’re on your phone, you can turn on Airplane mode. Go into your browser settings and clear history and website data. Make sure you have blocked pop-ups in your security and privacy settings. At this point, you can reconnect and should not receive any more fake security warnings.

The second security alert was for Chrome and, as with Apple’s warning, the exploit is active, which means you should update Chrome now too. You’ll notice a button in the upper right corner of your Chrome window that says “Update.” Click on it to open the dropdown and then select “Relaunch” to update Chrome. This will trigger the update and relaunch the app. Make sure that you’ve saved any documents you’ve been working on in Chrome. The update will take just a few seconds. To verify that it’s complete, go to Settings by clicking the three dots where the Update button was, scroll down to “About Chrome” and click. A window will open that should say “Chrome is up to date.”

This is the fifth time Google has patched an actively exploited zero-day vulnerability in Chrome this year. Zero-day refers to the timing of a vulnerability when it comes on the heels of a new version release. In last week’s advisory, Google said the bug was rated as high on the Common Vulnerability Scoring System (CVSS) and associated with “insufficient validation of untrusted input in Intents.” An insufficient input validation flaw could allow for arbitrary code execution and is under active attack, the company said.

Google did not disclose specific details of the bug, to prevent attackers from using it for their own purposes before the update can be installed on most machines and across other products that use Chrome code, such as the Microsoft Edge browser.

It’s a good idea to set updates to be installed automatically wherever possible. You’ll also want to keep an eye out for alerts on your devices that come in from the manufacturer to say an update will be installed. Remember that your mobile devices have to be connected to a charger to enable updates, so plug them in at the end of the day to ensure you don’t miss a critical update.

Leslie Meredith has been writing about technology for more than a decade. As a mom of four, value, usefulness, and online safety take priority. Have a question? Email Leslie at asklesliemeredith@gmail.com.

