This Weeks Topics
Adobe Flash, Reader, Acrobat and Shockwave Updates
iOS SMS Spoofing and Phishing
This week we discuss the recent Adobe updates. While no specific threat in the wild currently targets Mac OSX there are zero days targeting unpatched versions on the Windows platform. Criminals have regularly used the Adobe update cycle as cover to fool Mac users into installing malicious software, usually in the form as a Flash Player.
SMS protocol is vulnerable to spoofing, this includes all version of iOS. A recent release of a tool to make this process easier can allow a criminal to create SMS Phishing messages, what is called SMiShing. The pattern is similar to email phishing as are the defenses, do not visit links sent via unsecure comminication. There are a host of tools that this proof of concept was built off of. Some that requirer your iPhone to be Jail Broken, something you should never do. (See Reference Links) I consider this really low risk. Using iMessage prevents this form of attack, so for clients or users that are Mac/iOS based use iMessage.
Lastly I have some thoughts on Cloud based services. It is important that businesses and users realize that while the data is in the cloud, the responsibility for compliance and security is completely their responsibility.