Security Bits Logo no alpha channel

Security Bits — 16 August 2020

Feedback & Followups

Deep Dive — 🧯’Unpatchable’ Secure Enclave Vulnerability

Security Researchers claim to have found a vulnerability in older versions of Apple’s Secure Enclave. The problem is in code that’s effectively burned into the secure enclave chip, making it impossible to patch via a software update.

The researchers revealed very little information, but based on what we do know it seems this is nowhere near as big of a deal as it sounds like. Why? Because the bug can only be exploited at boot-time, so it requires physical access to the device, and, it has already been fixed in the newer A12 and A13 chips, so only older devices are affected.

In short, unless you’re important enough to be the target of a very sophisticated attack, and yet, run an old phone, and, have lost physically control of it, you’re not at risk.

If you are important enough to be a target, and you’re using an older device, you have have a simple solution at your disposal — get a newer iPhone 🙂

More Details: Security Enclave vulnerability seems scary, but won’t affect most iPhone users — appleinsider.com/…

❗ Action Alerts

  • Critical security updates have been released for Grub2, the open source boot loader used by many Linux distros. The updates include a patch for the catchily named BootHole bug — nakedsecurity.sophos.com/…
  • Last Tuesday was Patch Tuesday, seeing the usual release of critical updates from Microsoft (Windows) & Adobe — krebsonsecurity.com/…
  • Apple have released security updates for all their major OSes — arstechnica.com/…
  • Apple have released security updates for iCloud on Windows — us-cert.cisa.gov/…

Worthy Warnings

Notable News

Top Tips

Excellent Explainers

Interesting Insights

Palate Cleansers

  • 📊 The Periodic Table like you’ve never seen it before, colour-coded to show how the element was created (Big Bang, Supernova etc.) — [apod.nasa.gov/…](https://apod.nasa.gov/apod/ap200809.html
    • A semi-accessible SVG version of the Periodic Table upload.wikimedia.org/…. I say semi-accessible because you have to interpret how VoiceOver reads out element symbols. Helium for example sounds just like He, which is how it’s spelled.
  • ❣️ Breaking News: Macmillan Dictionary now includes over 50 emoji, carefully selected by lexicographer
    @janesolomon: Emoji in MacMillon Dictionary

Legend

When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by Bart.

Emoji Meaning
🎧 A link to audio content, probably a podcast.
A call to action.
flag The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country.
📊 A link to graphical content, probably a chart, graph, or diagram.
🧯 A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂
💵 A link to an article behind a paywall.
📌 A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future.
🎩 A tip of the hat to thank a member of the community for bringing the story to our attention.

Leave a Reply

Your email address will not be published.

Scroll to top