{"id":28658,"date":"2023-06-25T11:34:19","date_gmt":"2023-06-25T18:34:19","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=28658"},"modified":"2023-06-25T11:34:19","modified_gmt":"2023-06-25T18:34:19","slug":"sb-2023-06-23","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2023\/06\/sb-2023-06-23\/","title":{"rendered":"Security Bits \u2014 25 June 2023"},"content":{"rendered":"<h1>Feedback &amp; Followups<\/h1>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>Thanks to the iOS 17 &amp; macOS Sonoma Betas we now know more about how password sharing in iCloud Keychain will work \u2014 <a href=\"https:\/\/www.macobserver.com\/tips\/how-to-setup-and-use-ios-17-family-password-sharing-on-iphone\/\">www.macobserver.com\/\u2026<\/a> (iOS) &amp; <a href=\"https:\/\/appleinsider.com\/articles\/23\/06\/16\/how-to-use-the-new-password-sharing-in-safari-on-macos-sonoma\">appleinsider.com\/\u2026<\/a> (macOS)\n<ul>\n<li>Everyone needs to have an iCloud account with iCloud keychain enabled<\/li>\n<li>Everyone will need to be on the latest OSes<\/li>\n<li>The creator of the group will invite others to join it via an invite link, and they&#8217;ll need to accept that invite to join the group<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>&#x2757; Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li><a href=\"https:\/\/tidbits.com\/2023\/06\/21\/apple-updates-all-active-operating-systems-to-block-exploited-security-vulnerabilities\/\">Apple Updates All Active Operating Systems to Block Exploited Security Vulnerabilities \u2014 tidbits.com\/\u2026<\/a>\n<ul>\n<li>This is a fix for the bugs in the exploit recently revealed by Kaspersky \u2014 <a 
href=\"https:\/\/nakedsecurity.sophos.com\/2023\/06\/22\/apple-patch-fixes-zero-day-kernel-hole-reported-by-kaspersky-update-now\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Patch Tuesday \u2014 no Zero-days this month, but still 4 critical patches from Microsoft \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2023\/06\/14\/patch-tuesday-fixes-4-critical-rce-bugs-and-a-bunch-of-office-holes\/\">nakedsecurity.sophos.com\/\u2026<\/a> &amp; <a href=\"https:\/\/krebsonsecurity.com\/2023\/06\/microsoft-patch-tuesday-june-2023-edition\/\">krebsonsecurity.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2023\/06\/20\/asus-warns-router-customers-patch-now-or-block-all-inbound-requests\/\">ASUS warns router customers: Patch now, or block all inbound requests \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>&#x1f1e8;&#x1f1e6; UPS is warning Canadian users that a bug in their online tracking tool was leaking phone numbers and that attackers are using these leaked numbers to actively target users with SMS-based phishing (Smishing) attacks that include correct recent shipment details \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2023\/06\/sms-phishers-harvested-phone-numbers-shipment-data-from-ups-tracking-tool\/\">krebsonsecurity.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>The W3C has published the new <em>Secure Payments Confirmation<\/em> (SPC) specification as a <em>Candidate Recommendation<\/em>, a major milestone to becoming a standard. 
When implemented, this will allow browsers to use FIDO standards to cryptographically verify user consent to online card payments, closing off a commonly used avenue for fraud \u2014 <a href=\"https:\/\/appleinsider.com\/articles\/23\/06\/15\/a-new-web-standard-will-add-another-layer-of-security-to-online-payment-services-like-apple-pay\">appleinsider.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.w3.org\/press-releases\/2023\/spc-cr\/\">www.w3.org\/\u2026<\/a><\/li>\n<li>With its latest OS betas, Apple has started testing Passkeys for logging in to Apple websites \u2014 <a href=\"https:\/\/www.cultofmac.com\/821090\/apple-websites-start-implementing-passkeys-in-place-of-passwords\/\">www.cultofmac.com\/\u2026<\/a><\/li>\n<li>Save and sign in with passkeys in your browser (beta) | 1Password <a href=\"https:\/\/support.1password.com\/save-use-passkeys\/\">support.1password.com\/&#8230;<\/a><\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>&#x1f3a7; An interview with the person leading Passkey support in 1Password: <a href=\"https:\/\/overcast.fm\/+HZUcvHrsc\">The Changelog: Passkeys for a passwordless future \u2014 overcast.fm\/\u2026<\/a><\/li>\n<li>AI &#8211; the technology becomes ubiquitous, a vast tasker underclass is emerging \u2014 and not going anywhere.  
<a href=\"https:\/\/www.theverge.com\/features\/23764584\/ai-artificial-intelligence-data-notation-labor-scale-surge-remotasks-openai-chatbots\">AI Is a Lot of Work \u2014 theverge.com\/&#8230;<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li>&#x1f3a7; Season 2 of the BBC World Service&#8217;s podcast on North Korea&#8217;s state hacking group is now fully released: <a href=\"https:\/\/overcast.fm\/+smMM0iyDA\">The Lazarus Heist: Season 2 Episode 1 &#8211;  Jackpotting \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">&#x1f3a7;<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x2757;<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4ca;<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f9ef;<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> &#x1f642;<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4b5;<\/td>\n<td align=\"left\">A link to 
an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4cc;<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f3a9;<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. Thanks to the iOS 17 &amp; macOS Sonoma Betas we now know more about how password sharing in iCloud Keychain will work \u2014 www.macobserver.com\/\u2026 (iOS) &amp; appleinsider.com\/\u2026 (macOS) Everyone needs to have an iCloud [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":28385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[5281,2079,956,50,569],"class_list":["post-28658","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-passkeys","tag-patch","tag-patches","tag-security","tag-security-bits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/28658","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.p
odfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=28658"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/28658\/revisions"}],"predecessor-version":[{"id":28660,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/28658\/revisions\/28660"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/28385"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=28658"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=28658"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=28658"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}