APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2

Read Time:27 Second

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2

macOS Big Sur 11.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213534.

BOM
Available for: macOS Big Sur
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved checks.
CVE-2022-42821: Jonathan Bar Or of Microsoft

DriverKit
Available for: macOS Big Sur
Impact: An app may be able to…

Read More

APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2

macOS Monterey 12.6.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213533.

Bluetooth
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-42854: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)

BOM…

Read More

APPLE-SA-2022-12-13-4 macOS Ventura 13.1

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-4 macOS Ventura 13.1

macOS Ventura 13.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213532.

Accounts
Available for: macOS Ventura
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)

AMD
Available for: macOS Ventura
Impact: An app may…

Read More

APPLE-SA-2022-12-13-3 iOS 16.1.2

Read Time:26 Second

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-3 iOS 16.1.2

iOS 16.1.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213516.

WebKit
Available for: iPhone 8 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited against versions of iOS released
before iOS 15.1.
Description: A type…

Read More

APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2

Read Time:28 Second

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2

iOS 15.7.2 and iPadOS 15.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213531.

AppleAVD
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact:…

Read More

python3.6-3.6.15-15.fc38

Read Time:18 Second

FEDORA-2022-f321e2cec0

Packages in this update:

python3.6-3.6.15-15.fc38

Update description:

Automatic update for python3.6-3.6.15-15.fc38.

Changelog

* Mon Dec 19 2022 Charalampos Stratakis <cstratak@redhat.com> – 3.6.15-15
– Security fix for CVE-2022-45061: CPU denial of service via inefficient IDNA decoder
Related: rhbz#2144072

Read More

The Equifax Breach Settlement Offer is Real, For Now

Read Time:3 Minute, 54 Second

Millions of people likely just received an email or snail mail notice saying they’re eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this particular offer is legit (if paltry), scammers are likely to soon capitalize on public attention to the settlement money.

One reader’s copy of their Equifax Breach Settlement letter. They received a check for $6.97.

In 2017, Equifax disclosed a massive, extended data breach that led to the theft of Social Security Numbers, dates of birth, addresses and other personal information on nearly 150 million people. Following a public breach response perhaps best described as a giant dumpster fire, the big-three consumer credit reporting bureau was quickly hit with nearly two dozen class-action lawsuits.

In exchange for resolving all outstanding class action claims against it, Equifax in 2019 agreed to a settlement that includes up to $425 million to help people affected by the breach.

Affected consumers were eligible to apply for at least three years of credit monitoring via all three major bureaus simultaneously, including Equifax, Experian and Trans Union. Or, if you didn’t want to take advantage of the credit monitoring offers, you could opt for a cash payment of up to $125.

The settlement also offered reimbursement for the time you may have spent remedying identity theft or misuse of your personal information caused by the breach, or purchasing credit monitoring or credit reports. This was capped at 20 total hours at $25 per hour ($500), with total cash reimbursement payments not to exceed $20,000 per consumer.

Those who did file a claim probably started receiving emails or other communications earlier this year from the Equifax Breach Settlement Fund, which has been messaging class participants about methods of collecting their payments.

How much each recipient receives appears to vary quite a bit, but probably most people will have earned a payment on the smaller end of that $125 scale — like less than $10. Those who received higher amounts likely spent more time documenting actual losses and/or explaining how the breach affected them personally.

So far this week, KrebsOnSecurity has received at least 20 messages from readers seeking more information about these notices. Some readers shared copies of letters they got in the mail along with a paper check from the Equifax Breach Settlement Fund (see screenshot above).

Others said they got emails from the Equifax Breach Settlement domain that looked like an animated greeting card offering instructions on how to redeem a virtual prepaid card.

If you received one of these settlement emails and are wary about clicking the included links (good for you, by the way), copy the redemption code and paste it into the search box at myprepaidcenter.com/redeem. Successfully completing the card application requires accepting a prepaid MasterCard agreement (PDF).

The website for the settlement — equifaxbreachsettlement.com — also includes a lookup tool that lets visitors check whether they were affected by the breach; it requires your last name and the last six digits of your Social Security Number.

In February 2020, the U.S. Justice Department indicted four Chinese officers of the People’s Liberation Army (PLA) for perpetrating the 2017 Equifax hack. DOJ officials said the four men were responsible for carrying out the largest theft of sensitive personal information by state-sponsored hackers ever recorded.

Equifax surpassed Wall Street’s expectations in its most recently quarterly earnings: The company reported revenues of $1.24 billion for the quarter ending September 2022.

Of course, most of those earnings come from Equifax’s continued legal ability to buy and sell eye-popping amounts of financial and personal data on U.S. consumers. As one of the three major credit bureaus, Equifax collects and packages information about your credit, salary, and employment history. It tracks how many credit cards you have, how much money you owe, and how you pay your bills. Each company creates a credit report about you, and then sells this report to businesses who are deciding whether to give you credit.

Americans currently have no legal right to opt out of this data collection and trade. But you can and also should and freeze your credit, which by the way can make your credit profile less profitable for companies like Equifax — because they make money every time some potential creditor wants a peek inside your financial life. Also, it’s probably a good idea to freeze the credit of your children and/or dependents as well. It’s free on both counts.

Read More