Latest news with #DanielCard
Forbes
29-07-2025
- Forbes
iOS 18.6—Update Now Warning Issued To All iPhone Users
Apple has released iOS 18.6, along with a warning to update your iPhone now. Apple has released iOS 18.6, along with a warning to update your iPhone now. That's because iOS 18.6 comes with a hefty list of 29 security fixes, some of which plug serious holes in iOS. Apple doesn't give much information about the bugs squashed in iOS 18.6, to give people as much time to update as possible before attackers can get hold of the details. However, iOS 18.6 fixes multiple flaws in WebKit, the engine that supports the Safari browser, according to the iPhone maker's support page. Tracked as CVE-2025-4322, one of the issues patched in WebKit could see sensitive user information exposed, if they process maliciously crafted web content. Meanwhile, a trio of CVEs patched in iOS 18.6 could lead to memory corruption as a result of processing maliciously crafted web content. Apple's iOS 18.6 also fixes a flaw in CoreMedia Playback that could enable an app to access user-sensitive data. The Impact Of The Issues Fixed In iOS 18.6 Of the issues patched in iOS 18.6, Daniel Card, an independent cybersecurity consultant, highlights a flaw which could see your passcode read out by VoiceOver. Meanwhile, another WebKit issue could see address bar spoofing, if you visit a malicious website, he says. Most of the issues patched in iOS 18.6 are specific to WebKit, 'which by its very nature are more likely to be exploited remotely,' says Sean Wright, head of application security at Featurespace. For the most part, the impact of the vulnerabilities fixed in iOS 18.6 is limited, Wright says. However, it is important to note that flaws including CVE-2025-43227 do have more of an impact and 'thus carry more risk,' according to Wright. Apple released iOS 18.6 alongside iOS 17.7.9, patching issues on iPhones that can't run iOS 18. OS 18.6 comes with a hefty list of 29 security fixes, some of which plug serious holes in iOS. Why You Should Update To iOS 18.6 None of the flaws patched in iOS 18.6 have been used in real-life attacks, yet. But iOS 18.6 is the first update in well over two months — iOS 18.5 was issued in mid-May and Apple hasn't released any minor upgrades in the meantime. The iOS 18.6 upgrade is also likely to be the last iPhone update before Apple releases iOS 26 this fall, unless a very urgent security fix is needed before then. The fact that there's so long between updates — with another gap due until the iPhone 17 and iOS 26 arrive this fall — mean applying iOS 18.6 now is important. Plus iOS 18.6 fixes bugs plaguing those on the previous version, including an issue in Photos that could prevent memory movies being shared. 'Overall, there is no reason to panic, but I would highly recommend that users update to iOS 18.6 as soon as possible to be on the safe side,' says Wright. It's also worth noting that automatic updates can take a while to reach your iPhone, so it is best to apply iOS 18.6 manually. Before doing this, Card points out the importance of ensuring you have space in iCloud. 'Some people have their iCloud full so not only do their device back ups not work, their updates fail.' "General housekeeping is always good for life and security optimisation," Card says. To upgrade your iPhone, go to your Settings > General > Software Update and download and install iOS 18.6 now.
BBC News
28-07-2025
- BBC News
VPNs top App Store charts as Online Safety Act age checks kick in
Virtual private network (VPN) apps have become the most downloaded on Apple's App Store in the UK after sites such as PornHub, Reddit and X began requiring age verification of users on can disguise your location online - allowing you to use the internet as though you are in another means people are likely using them to bypass requirements of the Online Safety Act, which mandated platforms with certain adult content to start checking the age of of Monday morning, half of the top ten free apps in Apple's app download charts in the UK appeared to be for VPN one app maker told the BBC it had seen an 1,800% spike in downloads. Virtual private networks (VPN) connect users to websites using a remote server and conceal their actual IP address and location, meaning they can circumvent blocks on particular sites or experts say free versions of such apps or services can carry security and privacy risks."Many of these free VPNs are riddled with issues," said Daniel Card, a cyber-security expert with the Chartered Institute for IT (BCS)."Some act as traffic brokers for data harvesting firms, others are so poorly built they expose users to attacks."He told the BBC despite posing a range of potential privacy risks, such apps "end up in the hands of kids trying to watch age-restricted content", or adults "trying to get round blocks"."That's the uncomfortable truth: people will take risks to get what they want online," he said. The UK's new online safety rules, explained:What is the Online Safety Act?How could age checks for porn work in the UK?From Reddit to Pornhub: Which sites will require UK age verification?The debate: Will new rules for porn sites do more harm than good? Katie Freeman-Tayler, of children's safety group Internet Matters, said on Thursday that availability of free and low cost VPN services to children, and their potential use of them, was "concerning"."This makes it easy for them to circumvent important protections introduced under the Online Safety Act, such as age checks designed to shield them from adult content," she told the Ofcom says platforms required to introduce "highly effective" methods to check user age must not host, share or permit content that encourages use of VPNs to get around age government has also told the BBC it would be illegal for platforms to do so. Privacy-conscious Proton VPN, an app offered by Swiss privacy tech firm Proton, told the BBC it had seen a 1800% spike in UK daily sign-ups over the weekend after age check rules took effect on Friday.A Proton spokesperson said the UK was now among countries generating the highest usage of its VPN."This clearly shows that adults are concerned about the impact universal age verification laws will have on their privacy," they free VPN apps appearing in the App's Stores top charts on Monday say they display adverts in order to finance and operate their services for say they do not share information with third-parties, and state they are not intended for use by children. All state their VPN connections are private, secure and encrypted."While more privacy-conscious users might stick to reputable services... the average person won't," said Mr Card."They'll download the first free app with decent reviews, often without realising they're handing over access to their data." Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here.
The Sun
22-07-2025
- Business
- The Sun
Microsoft server hack impacts 100 organizations globally
WASHINGTON/LONDON: A large-scale cyber espionage campaign targeting Microsoft SharePoint servers has compromised around 100 organizations, according to cybersecurity researchers. The attack exploits a previously unknown vulnerability, allowing hackers to infiltrate systems and potentially install backdoors for persistent access. Microsoft issued an alert on Saturday warning of 'active attacks' on self-hosted SharePoint servers, though cloud-based instances remain unaffected. The flaw, classified as a 'zero-day' due to its prior obscurity, enables unauthorized access to sensitive data. Netherlands-based Eye Security and the Shadowserver Foundation identified nearly 100 victims before the hacking method became widely known. 'It's unambiguous,' said Vaisha Bernard, chief hacker at Eye Security. 'Who knows what other adversaries have done since to place other backdoors.' Most affected organizations are in the US and Germany, with government agencies among the victims. Shadowserver estimates over 9,000 servers could be vulnerable, including industrial firms, banks, and healthcare providers. Google linked some attacks to a 'China-nexus threat actor,' though Beijing denies involvement. The FBI and UK's National Cyber Security Center are investigating, urging affected entities to apply security patches immediately. Daniel Card of PwnDefend warned, 'Just applying the patch isn't all that is required here,' emphasizing the need for thorough security reviews. - Reuters
