Cybersecurity 2025 is no Better Than Cybersecurity 20**
We are definitely starting with a bang.
First, Apple patched a flaw that affects the system integrity of macOS.
Using a third-party kernel extension, Microsoft discovered a vulnerability in Apple’s System Integrity Protection, a feature that, if functioning correctly, reduces the risk from operations that affect system integrity. The flaw could enable hackers to install rootkits underneath the operating system, create malware with privileged access and make macOS easier to compromise. Apple has patched the bug, and most systems have likely deployed the fix.
Apparently Apple believes in the crazy notion of “security by obscurity”, meaning that if we don’t release any documentation about how the system works, people won’t be able to hack it. Apparently, that concept is invalid.
Credit: Data Breach Today
Also today, Microsoft patched three bugs in its virtualization platform, Hyper-V, that are zero-days currently being exploited. Now that they are out in the wild and people know that users are bad about patching, they will really be exploited.
Microsoft’s Patch Tuesday today fixed 160 vulnerabilities, the biggest batch in 8+ years.
If you have Hyper-V installed on your Windows machine, the bugs will allow a hacker to become SYSTEM, which is not a good thing. But that only represents 3 of 160 bugs.
12 of the bugs are rated critical and many, they say, allow for remote code execution.
Remote code execution risks have been identified in Microsoft Digest Authentication, Remote Desktop Services, Windows OLE, Microsoft Excel and the Windows Reliable Multicast Transport Driver (RMCAST).
January’s patch fest follows behind a record number of patches in December.
While three of these bugs are under “active exploitation”, five of them are “known” by the hackers.
In fact, more than three dozen of the bugs lead to privilege escalation or admin privileges.
This is, of course, in addition to the patches from other vendors. Adobe, for example, released patches for 14 bugs.
Credit: Security Week