It's been a busy week for security vulnerabilities. ZombieLoad affects all recent Intel processors, and Apple has issued a fix for it. A serious WhatsApp vulnerability made the evening news because it was so dangerous. And Google and Microsoft had a few issues as well.
WhatsApp exploit let attackers install government-grade spyware on phones (https://techcrunch.com/2019/05/13/whatsapp-exploit-let-attackers-install-government-grade-spyware-on-phones/)
Facebook's brief explanation of the WhatsApp vulnerability (https://www.facebook.com/security/advisories/cve-2019-3568)
You probably weren’t a target of the WhatsApp surveillance hack (https://techcrunch.com/2019/05/14/whatsapp-vulnerability-risk/)
Buffer overflow (Wikipedia) (https://en.wikipedia.org/wiki/Buffer_overflow)
Remote code execution, or arbitrary code execution (Wikipedia) (https://en.wikipedia.org/wiki/Arbitrary_code_execution)
Secure Real-time Transport Protocol (Wikipedia) (https://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol)
Microsoft Issues Urgent Fix For Windows In First XP Patch Since WannaCry (https://www.forbes.com/sites/kateoflahertyuk/2019/05/15/microsoft-issues-urgent-fix-for-windows-in-first-xp-patch-since-wannacry/)
Titan-ic disaster: Bluetooth blunder sinks Google's 2FA keys, free replacements offered (https://www.theregister.com/2019/05/15/google_titan_bluetooth_key_security_flaw/)
Apple security updates (https://support.apple.com/en-us/HT201222)
Episode 13: Is My Computer's CPU Secure? (discussion of Meltdown and Spectre)
Additional mitigations for speculative execution vulnerabilities in Intel CPUs (https://support.apple.com/en-us/HT210107)
How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities (https://support.apple.com/en-us/101870)
SGX enclaves (https://web.archive.org/web/20200307192117/https://software.intel.com/en-us/blogs/2016/06/06/overview-of-intel-software-guard-extension-enclave)
CPUSetter (https://www.whatroute.net/cpusetter.html)
Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
