New iPhone/Mac Vulnerabilities That Can Impact Your Business

Standard

 

Recently Apple was hit with two big issues in the same month. These gave rise to concerns that Apple products might not be as secure as most think. The first of the two came in the form of a text message that can be sent to Apple iPhones.

The text, which is entirely in Arabic, can be sent to anyone with an iPhone, and it will immediately shut down the phone. While this is more of an annoying bug than a security concern (although it definitely can be viewed as a security concern, depending on the owner of the phone and his/her need for uptime), it doesn’t seem to be harmful to the devices. Users in the  Reddit.com forums found the bug, and it appears they did so by accident.

Credit: parts of this image are reproduced with permission from: https://commons.wikimedia.org/wiki/File:Unibody_Macbook.JPG.

Credit: parts of this image are reproduced with permission from: https://commons.wikimedia.org/wiki/File:Unibody_Macbook.JPG.

If your phone receives the dreaded text message, you will need to turn on your phone and delete that message. One workaround to the text issue is to go into the settings,and turn off text message previews that appear on the home screen. Apple is aware of the bug and will resolve the issue in its latest update, which should be coming very soon.

The second security concern, and one that is very critical to businesses is the latest exploit which allows someone to put a permanent backdoor onto your Mac by rewriting the firmware for the BIOS to allow remote connection to the device. This affects all Macs older than mid-2014.

The reason this security concern is so troubling is, unlike other types of exploits, where if you were to be hacked you could wipe your hard drive and start clean with the appropriate updates, this targets the BIOS, meaning no matter how often you wipe your hard drive, hackers can exploit the vulnerability over and over again.

The vulnerability can be enacted as soon as a machine is woken from Sleep Mode. The security researcher who found the exploit, Pedro Vilaca, stated you can stop your machine from going into Sleep Mode to bypass the exploit. However, Apple is aware of the exploit and should patch it soon. Vilaca also stated that this is very similar to last year’s “Thunderstrike Proof-of-Concept” exploit.

While nothing will protect against this current exploit (i.e. antivirus, anti-malware), it does show that as Macs become more popular, holes are being found in the OS and, in this case, in the hardware itself. Business owners must be aware of both where their employees go on the Internet and how to protect their assets from hacking attempts.

Everon offers antivirus for Macs, as well as PCs, with a product called Webroot Secure Anywhere. We can assist in setting up hardware proxies that will prevent unauthorized access to the Internet. If you have any questions about what we can do for your Apple environment, feel free to call our techs at 1-888-244-1748 (or email at info@everonit.com). We’re here for you. Twenty-four/seven, 365.

——-

You may also like:

 

Now Offering Webroot Antivirus

Standard

What this means to you

As a trusted IT adviser, one of our jobs is to constantly evaluate new technologies that come our way. After reviewing Webroot SecureAnywhere Antivirus endpoint protection software, we are confident it will be the best solution for many of our customers.

Webroot offers a revolutionary, cloud-based Antivirus technology that protects against advanced security threats in real-time. According to PCMagazine, “Webroot joins Bitdefender and Kaspersky as Editors’ Choice for commercial antivirus.”

What you need to know

Webroot graphic 1Webroot provides full remote user/endpoint management via cloud-based management console. Because it is cloud-based, there is no on-site-management hardware or software to operate or maintain.

Webroot also provides real-time threat detection. It can proactively protect against new security threats as they’re detected – sort of like your own, personal bouncer standing right outside your computer. While it requires an Internet connection, its offline mode protects the user against potential infections from removable media (CD/DVD, USB, etc.). It does this by taking a snapshot of the current computer configuration and then watching for any changes made to the system while the user is offline – especially changes that are typical of malicious software behavior.

Webroot graphic 2

Webroot also offers automated monitoring, roll-back, and infection remediation for the highest efficiency. In the MRG Effitas 360 Full Spectrum test, which measured a software’s time to detect an infection, Webroot was noted as being one of three solutions able to remediate a computer either on or before the first user reboot. Scan times are also dramatically reduced by logging only newly-introduced software and scanning only that software.

Is this solution ideal for you?

After the initial full system scan, additional scans typically take only 26 seconds compared to the industry average of close to 10 minutes. (This is according to the PassMark Software Performance Benchmark Testing, which gave Webroot an overall score of 97 out of 104. The second place software was a distant 70.)

Historically, the installation of an antivirus came with limitations that the user had to accept in order to get some level of protection. An antivirus could not be deployed in tandem with another antivirus, as these caused conflicts. Typical antivirus software also required a server console in order to adequately manage all workstations within a business.

Webroot alleviates the need for a server console by allowing full management of clients through the web-based console. It can be installed alongside other software because of its ability to heuristically scan for infections both on and offline. This is an ideal solution for companies with employees in remote locations, who don’t have direct access to a console server, or who have no server at all. This also means that license renewal is no longer a tedious, manual process for those workstations. Everything is managed directly through the web console and our installed monitoring software.

What should you do next?

So you’re interested in Webroot? If you are a current Everon customer, please feel free to contact your account manager to discuss whether this solution fits your current environment and needs. Not an Everon customer? No problem. Everon offers a remote IT department equipped to fully manage your small business’ technology needs. Please call us at 888-244-1748, or email us at info@everonit.com.