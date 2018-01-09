Security: Updates, Apple, Microsoft, Intel, IBM and Linux
Security updates for Wednesday
Security Flaw in macOS 10.13 Lets App Store Preferences Access with Any Password
Another major security flaw was discovered in Apple's macOS High Sierra 10.13 operating system, which lets anyone accessing the App Store preferences panel with any password if it's locked.
First spotted by MacRumors, there's a bug report about an issue, discovered a couple of days ago by someone and reported on Open Radar, which lets anyone access the App Store panel in System Preferences with literally any password, if the padlock at the bottom left corner is closed and your Mac is unlocked.
Usually, that padlock isn't locked, but its label says "Click the lock to prevent further changes" in the current version of macOS, a.k.a. High Sierra 10.13.2. Locking those settings should prevent someone from disabling automatic updates, as well as installing of new macOS versions, system data files, and security update.
Microsoft: Be Ready For Significant Slowdown Of Your Old PC After Spectre Security Patches
Intel Posts Updated Microcode Files For Linux
In the wake of Meltdown and Spectre, Intel yesterday released new microcode binaries for Linux systems.
Intel Releases Processor Microcode Patch for Linux OSes, Here's How to Update
Updated Intel Microcode Not Causing Any Significant Performance Impact On Linux
DragonFlyBSD Posts Initial Kernel Fix For Spectre
Meltdown Fixes Will Slow Intel Computers -- Here's All The Proof You Need
It’s not just Windows – Linux Ubuntu systems being bricked by Meltdown/Spectre patches, too
Canonical Fixes Ubuntu 16.04 LTS Regression Causing Boot Failure on Some PCs
Canonical has released on Wednesday a new Linux kernel update for Ubuntu 16.04 LTS (Xenial Xerus) operating system series to address a regression introduced with yesterday's security patch against the Meltdown vulnerability.
On Tuesday, Canonical published multiple security notices to inform users of the Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 ESM operating systems that they can now patch their computers against the Meltdown security vulnerability affecting billions of devices.
Meltdown & Spectre Patches Causing Boot Issues for Ubuntu 16.04 Computers
Ubuntu Xenial 16.04 users who updated to receive the Meltdown and Spectre patches are reporting they are unable to boot their systems and have been forced to roll back to an earlier Linux kernel image.
The issues were reported by a large number of users on the Ubuntu forums, Ubuntu's Launchpad bug tracker, and Reddit thread. Only Ubuntu users running the Xenial 16.04 series appear to be affected.
First malicious Android app built with open source Kotlin language found wild
For the first time, a malicious Android application built with Kotlin has been discovered in the Google Play store. First noted by Trend Micro researchers in a Tuesday blog post, it's possible that the app has already been downloaded thousands of times.
In late November 2017, it was reported that 17% of the projects in Android Studio were using Kotlin. Because it's becoming easier to convert Java code to Kotlin, and the new language features a null-safety feature that can improve app quality, we'll likely see even more apps developed with the language. However, this also means we could see more malicious apps developed with Kotlin as well.
Debian Stretch and Jessie Get Kernel Patches to Mitigate Meltdown Security Flaw
The Debian Project released updated Linux kernels for Debian GNU/Linux 9 "Stretch" and Debian GNU/Linux 8 "Jessie" operating system series to patch the Meltdown security vulnerability and other issues.
Last week, Debian GNU/Linux 9 "Stretch" users received the Linux kernel patch to mitigate the Meltdown security vulnerability (CVE-2017-5754) that affects billions of devices by allowing attackers to control unprivileged processes and read the memory from random addresses, including the kernel, as well as other processes running on the unpatched machine. To patch the issue, users had to update the kernel to version 4.9.65-3+deb9u2.
Linux Systems with Exposed SSH Ports, Targeted by Python-Based Botnets
Cybersecurity experts believe that a band of experience cybercriminals have created a botnet made of Linux-based systems and is using them to mine Monero, a cryptocurrency.
Meltdown-Spectre: IBM preps firmware and OS fixes for vulnerable Power CPUs
IBM has outlined a month-long plan to fix datacenter equipment running on its Power CPUs, which the company has now confirmed are vulnerable to the Meltdown and Spectre CPU attacks.
The company today released firmware updates for the Power7+ and Power8 CPUs, with Power9 fixes coming on January 15.
Until now, IBM hadn't fully confirmed its Power systems are affected by the two CPU attacks, though Red Hat said in its January 3 advisory that exploits existed for IBM System Z, Power8, and Power9 systems.
How to install/update Intel microcode firmware on Linux
