On December 9, 2021, a vulnerability in the popular Java logging library Log4j—used by developers of web and server applications around the world—was discovered and made public. The zero-day vulnerability allows for code to be run remotely by sending a malicious code string, allowing a hacker to take control. Published the next day in the National Vulnerability Database as CVE-2021-44228, it is already being exploited in the wild across Windows, Linux, macOS and devices. Teams across the internet are working to patch enterprise systems and web apps to protect against these critical zero-day exploits. Even games like Minecraft can be impacted, leading Microsoft to post instructions on how players of the Java version can patch their systems. Of course, our Security Team is aware of the issue and reviewing SMU systems to determine impact. Continue reading Log4Shell Vulnerability Impacts Systems Across the Internet
Yesterday, Apple released the iOS 9.3.5 update. You need to install it now. Yes, right now! You can read the rest of this while your iPhone is updating.
We don’t usually push for people to update their devices so firmly, but a major security hole was found that would allow nefarious types to “read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the phone user.” according to the New York Times.
In fact, Lookout security researcher Mike Murray stated “We realized that we were looking at something that no one had ever seen in the wild before.” in an interview with Motherboard. “Literally a click on a link to jailbreak an iPhone in one step. One of the most sophisticated pieces of cyberespionage software we’ve ever seen.”
On the plus side, Apple just released a patch to fix this massive security hole, and, if you haven’t already, you should download and install it immediately. We also recommend installing the update on any other iOS devices you may have, such as an iPad 2 and even an iPod touch (5th generation).
For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222
For more information on the Zero-Day exploit and how it was used against a UAE Human Rights Defender, please visit Citizen Lab.
If you have any problems or concerns, please contact the IT Help Desk at 214-768-HELP (4357)