[ADVISORY from Apple & Microsoft] Your Urgent Attention Needed [Please ignore if actioned by now]

 

EN TOTO, pasted below the urgent alerts from both Apple and Microsoft.   Please ignore this advisory IF you don't have windows or apple devices OR relevant actions have been done.

On Tuesday, March 11, Apple dropped a series of updates for its devices. That includes iOS 18.3.2 for iPhones; iPadOS 18.3.2 for iPads, macOS Sequoia 15.3.2 for Macs, Safari 18.3.1, tvOS 18.3.1, and visionOS 2.3.2 for Apple Vision Pro.

"Impact: Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.)"

It appears an out-of-bounds write issue (which happens when a program writes data that does not belong to it) allowed bad actors to attack users running versions of iOS older than 17.2. Apple's language implies that these are capable actors with specific targets, and while Apple doesn't say, it's possible that involves high-profile personalities such as politicians or journalists. The company says the issue was blocked in iOS 17.2, but since there are users who were attacked running earlier versions of iOS, it seems this update was necessary regardless.

Microsoft's released its monthly Patch Tuesday update for March 2025 to fix 57 bugs across Windows, Office, Azure, and other Microsoft systems. Seven of the patches address zero-day vulnerabilities, six of which have been actively exploited.  According to Bleeping Computer, this month's update fixes 23 elevation of privilege flaws, three security feature bypass flaws, 23 remote code execution flaws, four information disclosure flaws, one denial of service flaw, and three spoofing flaws

Seven of the flaws fixed were zero-day vulnerabilities, which allow bad actors to exploit systems before an official patch is released by developers. In this case, six of the seven zero-day vulnerabilities were actively exploited, while one was publicly exposed—so it's only a matter of time before actors exploit this seventh vulnerability, as well.

Just to share with our readership here, I maintain my own security tracker of all the attempts coming from all over the globe and NOT to unduly raise fear or worst cyberphobia OR logizomechanophobia [WHICH is defined as extreme fear of using or being around computers, potentially leading to avoidance and significant anxiety].  So, as laymen and non-techies, WHAT can we proactively do for now?  Please ensure that your login accounts are IMPENETRABLE with passwords that should NOT be dates of birth, anniversaries and the like.  At least for passwords, let's be wiser than these unforgiving scammers💥💥💥