Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. Zero-days are security flaws that the software vendor is unaware of and hasn't yet patched. In some cases, this type of vulnerability may also have publicly available proof-of-concept exploits before a patch arrives or maybe actively exploited in the wild. In security advisories issued on Monday, Apple revealed that they're aware of reports this security bug "may have been actively exploited." The flaw is an out-of-bounds write issue (CVE-2022-22675) in the AppleAVD (a kernel extension for audio and video decoding) that allows apps to execute arbitrary code with kernel privileges. The bug was reported by anonymous researchers and fixed by Apple in macOS Big Sur 11.6.6 and watchOS 8.6 with improved bounds checking. The list of impacted devices includes Apple Watch Series 3 or later and Macs running macOS Big Sur. While Apple disclosed reports of active exploitation in the wild, it did not release any extra info regarding these attacks. By withholding information, the company is likely aiming to allow the security updates to reach as many Apple Watches and Macs as possible before attackers pick up on the zero-day's details and start deploying exploits in other attacks. Although this zero-day was most probably only used in targeted attacks, it's still strongly advised to install today's macOS and watchOS security updates as soon as possible to block attack attempts. In January, Apple patched two other zero-days exploited in the wild to let attackers gain arbitrary code execution with kernel privileges (CVE-2022-22587) and track web browsing activity and user identities in real-time (CVE-2022-22594). One month later, Apple released security updates to patch a new zero-day bug (CVE-2022-22620) exploited to hack iPhones, iPads, and Macs, which leads to OS crashes and remote code execution on compromised Apple devices. In March, two more actively exploited zero-days in the Intel Graphics Driver (CVE-2022-22674) and the AppleAVD media decoder (CVE-2022-22675), the latter patched today in older versions of macOS. These five zero-days impact iPhones (iPhone 6s and up), Macs running macOS Monterey, and multiple iPad models. Throughout last year, the company also patched a long list of zero-days exploited in the wild to target iOS, iPadOS, and macOS devices. Follow this thread and more on OUR FORUM.

Elon Musk’s Twitter purchase has thrust the social media censorship debate squarely into the limelight, triggering the left and elating the right. Celebrities and the liberal media were quick to denounce Musk’s stance on free speech (which is odd, given that those on the left were the advocates of the First Amendment just a decade ago) and some deleted their Twitter accounts. Conservatives, meanwhile, and anyone who cares about free speech, immediately raised the eccentric billionaire to superhero status. Almost overnight, he went from ‘cool rich guy who values free market capitalism’ to savior of the First Amendment. And maybe he will be. But let’s take a moment to zoom out on the bigger picture. Twitter is not Musk’s only darling, and maybe we’re placing too much of a burden on one man. Understandably, without Donald Trump in the White House, regular middle-class Americans long for a hero to disrupt the leftist elite empire. Someone influential, powerful, and brave and who will actually take substantive action is like a godsend to us. And at least on the surface, it appears Elon Musk could fill that role. He’s straight forward, seems genuine, and thus far, capable of dealing with the backlash from his enemies. However, Musk is, first and foremost, a businessman who loves building things and creating. When most of us were still playing with blocks, he was already writing code. It remains unclear how he’s going to like playing politics in the long term, and social media is inevitably political. While that’s not entirely new to the prolific tweeter, politics isn’t his usual territory. The billionaire has already walked back his “free speech absolutist” comments, explaining that what he really meant was free speech that adheres to the law. Fair enough, but the tweet came across as making him seem a bit less steady on his feet. And he will have to be plenty steady, because he’s going to need the proverbial fighting skills of Mike Tyson to handle what’s coming next under the Biden regime. After all, the Democrats have made it clear that they want to control all information to Orwellian extremes. Is Elon ready for that? And even if he is, there’s really only so much he can do with Twitter. It may be a private company, but private companies are subject to government regulations. The founder of multiple multi-billion-dollar companies, he knows this better than anyone and is no stranger to working with the US government and even seeking its help.
Despite being well known as a believer in a limited, hands-off type of government, Musk has on more than one occasion accepted subsidies from the US government for several of his companies. In addition, SpaceX currently has two contracts with the Pentagon to launch Falcon 9 rockets in the coming year. read more on our Forum

The 45th US President Donald Trump has no intention of coming back to Twitter, even after the platform’s acquisition by Tesla and SpaceX founder Elon Musk that was announced on Monday.
Trump told Fox News he will instead make his social media comeback on TRUTH Social, his own platform, in the coming days. “I am not going on Twitter, I am going to stay on TRUTH,” Trump told the cable network on Monday. “I hope Elon buys Twitter because he’ll make improvements to it and he is a good man, but I am going to be staying on TRUTH.” Trump’s own platform launched back in February, but he has yet to make an appearance there. He told Fox he plans to start “truthing” over the next seven days. The real-estate mogul turned Republican president famously leveraged his social media presence to bypass the legacy media in the 2016 campaign, first defeating the GOP establishment and then Democrat Hillary Clinton in the general election. He continued to use his personal Twitter account after taking office, prompting one federal judge to rule he’s not allowed to block critics. Following the January 6, 2021 riot at the US Capitol, however, Twitter “permanently suspended” Trump, saying some people could interpret his tweets as incitement of violence. Facebook, Instagram, and Snapchat quickly followed suit. Citing Twitter’s censorship of the satirical site Babylon Bee, Elon Musk made an offer to buy the platform earlier this month. Though the Twitter board initially rejected that bid and tried to insert a “poison pill” provision to head it off, on Monday they said they would accept his offer for a $44 billion takeover. “Free speech is the bedrock of a functioning democracy, and Twitter is the digital town square where matters vital to the future of humanity are debated,” Musk said in a statement announcing the purchase. Restoring the accounts censored on political grounds over the years – including Trump – is among the top requests Musk is currently getting on Twitter.

Read more: Trump won’t be back on Twitter even after Musk takeover

Over the past decade, Microsoft has pulled off a remarkable transformation of its public image in Europe — from bad boy to the most Brussels-friendly of tech giants? But that shine may now be coming off. In Brussels and across Europe, the Seattle-based giant faces a flurry of antitrust complaints about its cloud business as well as fresh claims that the company is not living up to its word on paying press publishers for their content. A new onslaught is picking away at Microsoft's image in Europe as the "friendly one" among Big Tech companies — a position that was painstakingly cultivated under the leadership of Microsoft's veteran lawyer-president, Brad Smith, during the past seven years. “Some companies have pretended for years to have cloaks of invisibility, but the spell has worn off. Abuse of market dominance is unfair and now that the abuse is slowly becoming visible, we as legislators will ensure that the cloaks no longer will work,” said Paul Tang, a left-wing Dutch member of the European Parliament. Microsoft has tactfully managed to avoid the heavy antitrust fines of yesteryear — the last significant one being a €561 million slap on the wrist in 2013 for failing to follow previous competition orders, closing a 10-year period in which it had racked up €2.24 billion in EU antitrust penalties. But practices are now emerging that hark back to the time when the company found itself in the EU's crosshairs, calling into question its straight-laced image. “Microsoft also engages in many of the same practices in the few areas where it has an entrenched position — in particular, how it uses Windows’ dominant position in PC operating systems to leverage into other markets,” said Zach Meyers, a senior research fellow at the Centre for European Reform. He was referring to the bundling of Microsoft's products and the promotion of its own services within its own systems — concerns that prompted office messenger service Slack to file a complaint to the European Commission in 2020, over concerns that the company had been illegally tying its Teams software, which competes with Slack's own, with its "market-dominant Office productivity suite." The Commission is still evaluating the complaint. Among pro-regulation pushes, Microsoft supported the EU’s recently adopted Digital Markets Act, pitching a series of "principles" for its own app store intended to curry favor with EU regulators working on the new rules. Smith himself contracted meetings with the bloc's digital czar Margrethe Vestager, in which he highlighted his company's commitment to the EU crackdown on Big Tech giants. But those stances are now being called into question amid a flurry of complaints, targeting one of Microsoft's largest and less-known businesses: cloud computing. In Q2 this year, the company’s commercial cloud revenues reached $22.1 billion. The European Commission has started to ask cloud computing companies about Microsoft’s practices in their market following complaints filed last year by the likes of French cloud outfit OVH Cloud and German player NextCloud. The former had accused Microsoft of abusive licensing terms while the latter was concerned about the bundling of the company’s OneDrive products and services with the Windows operating system. EU antitrust regulators circulated a questionnaire to Microsoft Azure partners and rival outfits in March, soliciting information on potentially abusive actions undertaken by the U.S. tech outfit regarding the licensing of its products. For its part, CISPE, a cloud services association representing some of the players involved in the Microsoft complaints, said that smaller firms that rely on Microsoft’s cloud have been afraid to speak out. “Fear of retaliation and dependency on its productivity software created a culture of omertà that prevented people from speaking out,” said Francisco Mingorance, secretary-general of CISPE. For more visit OUR FORUM.

A few years ago, Ken Crum started getting uncomfortable with how much of his life seemed to be online. The long-time computer programmer was particularly concerned by what companies appeared to know about him. The amount of personal information was mind-boggling to the 66-year-old Texan, who recently moved from Dallas to the small town of Weatherford. Data brokers were collecting his personal details. Social media was targeting ads at him. Then one day, after shopping at a local home improvement store, he got an email from the company asking how his visit was. While he can't be absolutely certain, he's pretty sure the company used location-tracking on his work phone to find him. He found it all unnerving. So Crum decided to pull himself off most social media, keeping just his LinkedIn account. He quit using Google in favor of DuckDuckGo, a search engine that promises to protect user privacy. He deleted tracking-prone "app crap" — his words — from his smartphone. And he tried to wrestle as much of his personal information back from the data brokers as possible, paying for a subscription to DeleteMe, a service that helps people remove information from databases. The data collection doesn't stop there. Your Yelp review of a pizza parlor or a comment you posted on your local newspaper's website all become part of your digital profile. They're used by marketers trying to get you to buy something, to support a policy, or to vote for a candidate. There are oodles of data about you. Most of that info is largely free for the taking. As you'd expect, there's no shortage of companies looking to profit from it. At last count, there were about 540 data brokers operating in the US, according to the Privacy Rights Clearinghouse, which based its estimate on numbers from data broker registries maintained by California and Vermont. The skyrocketing amount of consumer data online has also given cybercriminals new opportunities to exploit your personal details for identity theft, online scams, or other kinds of fraud. Once cybercriminals get your data, they use it to try to bust into your accounts or sell it to other cybercrooks. Get breached once and you may spend years cleaning up the mess. (Here's how to remove your personal information from the internet.) Creating massive databases of consumer profiles has gotten easier in recent years because of advances in artificial intelligence technology that allow for better cross-referencing and correcting of data, says John Gilmore, Abine's head of research. The databases are bigger and more accurate than ever. Though many people worry data brokers are mining their social media accounts for personal information to feed those databases, Gilmore says the vast majority of information comes from voter registration rolls, property and court records, and other conventional public sources. Still, smaller, questionably legitimate data farmers are likely scraping social media, as well as buying stolen consumer data off the dark web, Gilmore says. Worse, cybercriminals and extremists groups have used these methods. A few years ago, members of the alt-right — a loose collection of neo-Nazis and white supremacists — attempted to create data profiles of supposed far-left activists with the intent of using the data to dox and harass them. Those groups have a lot of data to work with these days. People have unwittingly become "data creators," Velasquez says. The digital footprint produced by the average person goes well beyond Facebook oversharing. Keeping tabs on the data created by online shopping, online entertainment and simply surfing the internet goes well beyond the capabilities of most people. More in-depth details are posted on OUR FORUM.