14 May 21, 07:05
Quote:
Prioritize updating the apps that keep your devices and personal data safe from cyberattacks.
Rest assured, there is no global conspiracy to bug you with update notifications. As you may have noticed, unpatched software enables a large proportion of cyberattacks, which is why developers are constantly fixing vulnerabilities in their programs, and why you’re constantly getting alerts about updates.
Update the software, patch the vulnerabilities, foil the crooks.
To learn more about the situation, we investigated user attitudes about updates in two dozen countries. It turned out that every other person we surveyed is inclined to click “Remind me later.” That being the case, here’s a handy list of the five most important types of software to update — the ones worth tearing yourself away from work or play.
1. Operating system
The operating system is the shell within which all programs on your computer or mobile device run, so security problems here can have very serious consequences. By exploiting a vulnerability in the operating system, cybercriminals can encrypt your data and demand ransom for it, mine cryptocurrency on your hardware, intercept your payment details, discover materials for extortion, and more.
Operating system attacks are some of the most massive and destructive attacks out there. For example, through a vulnerability in Windows, WannaCry and NotPetya ransomware compromised hundreds of thousands of computers worldwide, leading to losses in the billions of dollars (read more about it in our history of ransomware post). The Windows updates that addressed the vulnerability — the updates that would have thwarted the attacks — had long been available for download at the time of both WannaCry and NotPetya outbreaks.
Tracing and fixing vulnerabilities in operating systems is an ongoing process, so updates should be regular. This applies to both computers and mobile devices.
2. Browser
Browsers, too, can give attackers access to a device. For example, cybercriminals can inject a malicious script into website code for drive-by attacks; victims need only open a Web page to pick up the malware.
The creators of an exploit for Chrome carried out such an attack, using a browser vulnerability to download a Trojan to victims’ computers. Although Chrome’s developers quickly released an update that patched the vulnerability, users who put off installing it remained easy prey.
Don’t forget about preinstalled browsers such as Safari or Edge. Even if you opened it only once to download Firefox or Chrome, it is still there. Some attacks harness programs that are simply in the system, regardless of whether you use them. Users of iOS and iPadOS versions older than 14.2 had to reckon with a bug in the Safari engine that allowed attackers to run other programs.
3. Office productivity software
We are forever viewing and editing documents, so it should come as no surprise that cybercriminals often use bugs in the Microsoft Office and Adobe suites for attacks.
For example, cybercriminals used a vulnerability in Microsoft Word’s DDE feature to download Locky ransomware to victims’ devices. A ransom demand followed, with a threat to destroy or publish confidential data. A short while later, Microsoft released a patch. The moral of the story: To keep your files, reputation, and money safe, update office software the moment you can.
...