Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Category: #BugReport (Page 1 of 5)

Auto Added by WPeMatico

Microsoft Defender bug could fill up disks with thousands of files

Much of today’s modern operating systems are arcane black boxes that no one but the most experienced computer users know. Not that most users know where to look or have access to some folders anyway. So when a system app silently fills up a hidden folder with trash files, most users might not know where to look. This recent incident … Continue reading

Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Ewdison Then

Dell Patched a Critical Driver Flaw from 2009 Affecting Hundreds of PC Models

If you or anyone you know has a Dell computer, old or new, they should probably update it right away. Dell just released a security patch that addresses multiple vulnerabilities in hundreds of its computers dating back to 2009.

Read This Article on Review Geek ›

Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Cory Gunther

New Spectre attack once again sends Intel and AMD scrambling for a fix

Rows of beautifully colored computer components.

Enlarge (credit: Intel)

Since 2018, an almost endless series of attacks broadly known as Spectre has kept Intel and AMD scrambling to develop defenses to mitigate vulnerabilities that allow malware to pluck passwords and other sensitive information directly out of silicon. Now, researchers say they’ve devised a new attack that breaks most—if not all—of those on-chip defenses.

Spectre got its name for its abuse of speculative execution, a feature in virtually all modern CPUs that predicts the future instructions the CPUs might receive and then follows a path that the instructions are likely to follow. By using code that forces a CPU to execute instructions along the wrong path, Spectre can extract confidential data that would have been accessed had the CPU continued down that wrong path. These exploits are known as transient executions.

“Dangerous implications”

Since Spectre was first described in 2018, new variants have surfaced almost every month. In many cases, the new variants have required chipmakers to develop new or augmented defenses to mitigate the attacks.

Read 16 remaining paragraphs | Comments

index?i=mZVJ5SkuWxE:rhTfrtdp96I:V_sGLiPB index?i=mZVJ5SkuWxE:rhTfrtdp96I:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA

Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Dan Goodin

Researchers checked bugs into the Linux kernel to see if they’d get noticed. The bugs got through. Their uni got banned.

Researchers at the University of Minnesota checked deliberately bugulent code to the Linux kernel [PDF] to demonstrate how a malicious actor might slip past the open-source review process. They were successful, but at what cost: the extraordinarily hostile and impersonal research humiliated volunteers in person and the Linux Foundation in toto. — Read the rest

Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Rob Beschizza

An Android Bug Let Some Apps Improperly Access COVID-19 Tracing Data

Google Android figure standing on laptop keyboard with code in backgroundquietbits/

A privacy flaw in the Android version of Apple and Google’s COVID-19 exposure notification app potentially allowed other preinstalled apps to see sensitive data, including if users had contact with a COVID-positive person. Google is now working on rolling out a fix.

Privacy analysis firm AppCensus first noticed the bug in February and reported it to Google. However, according to The Markup, Google failed to address it at the time. The bug goes against multiple promises made by Apple CEO Tim Cook, Google CEO Sundar Pichai, and several public health officials that the data collected from the exposure app would not be shared beyond an individual’s device.

“The fix is a one-line thing where you remove a line that logs sensitive information to the system log. it doesn’t impact the program, it doesn’t change how it works,” said Joel Reardon, co-founder and forensics lead of AppCensus in the same interview with The Markup. “It’s such an obvious fix, and I was flabbergasted that it wasn’t seen as that.”

The article also shared a quote from Google spokesperson José Castañeda, who stated “We were notified of an issue where the Bluetooth identifiers were temporarily accessible to specific system level applications for debugging purposes, and we immediately started rolling out a fix to address this.”

Hands holding Android phone and iPhone together displaying their logos, respectivelyDaria Nipot/

In order for the exposure notification system to work, it needs to ping anonymized Bluetooth signals of devices with the system activated. Then, in the event one of the users tests positive for COVID-19, it works with health authorities to send an alert to other users who came into contact with that person with corresponding signals that are logged in the phone’s memory.

The issue is that, on Android phones, contract-tracing data is logged in privileged system memory. While most of the apps and software running on these devices don’t have access to this, apps that are preinstalled by manufactures like Google or LG or Verizon do have special system privileges that allow them to potentially access these data logs, making them vulnerable. 

AppCensus has found no indications that any preinstalled apps have collected data, however, nor did it find this to be the case with the exposure notification system on iPhones. The company’s Chief Technology Officer, Serge Egelmen, emphasized on Twitter that the bug is an implementation issue and not the fault of the exposure notification system and that it should damage the public’s trust in public health technologies. 

via The Verge

Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Suzanne Humphries

AirDrop Security Flaw Exposes 1.5 Billion Apple Devices, Researchers Say


Apple’s AirDrop feature is a convenient way to share files between the company’s devices, but security researchers from Technische Universitat Darmstadt in Germany are warning that you might be sharing way more than just a file.

Read more…

Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Victoria Song

PSA: Update Your Apple iOS Devices Right Now to Patch an Active Vulnerability

You know that age-old advice of waiting before you update a device, just in case? Ignore that. Update your iPad right now. Update your Apple Watch right now. Update your iPhone right now. Don’t even finish reading this article; go update your stuff, then come back. Apple just patched a big problem.

Read This Article on Review Geek ›

Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Josh Hendrickson

AirPods Max Battery Drain Issue Fixed With New Firmware Update

AirPods Max with a full battery icon.Apple

On March 9th, Apple quietly pushed an AirPods Max firmware update to fix the headphones’ frustrating battery drain issue. While Apple is yet to acknowledge that the battery drain issue exists, user reports on Twitter and a test by the Review Geek staff confirms that updated AirPods Max no longer lose their charge while sitting in the Smart Case.

AirPods Max, which don’t have a power button, enter a low power mode to preserve battery while resting in their Smart Case. But according to Apple Support documentation, it takes 18 hours of non-use for the AirPods Max to enter an “ultra-low” power mode, which disables Bluetooth and Find My communications—two of the AirPods Max’s most power-hungry features.

First reported by 9to5Mac, the 3C39 firmware update appears to force AirPods Max into ultra-low power mode after just 30 minutes in their smart case. That’s a lot faster than the original 18-hour wait time! AirPods Max users who experienced significant battery drain while charging or using the headphones also report that their problems are resolved, a sign that the 3C39 update may include some bug fixes on top of the improved ultra-low power mode.

AirPods Max battery usage in the Smart Case before and after the latest firmware update. I think they’ve fixed it.

— Guilherme Rambo (@_inside) March 12, 2021

Your AirPods Max should automatically update to the 3C39 firmware when connected to a charger and in the same room as your iPhone, iPad, or Mac. To check your AirPods Max firmware version, open your iPhone’s Settings, go to the Bluetooth menu, find your AirPods Max in the list of devices, and press the “i” icon. If you don’t have the 3C39 firmware yet, try listening to music on the headphones for a few minutes and connecting them to their charger.

Back in February, we suggested that people avoid buying AirPods Max until Apple resolve the headphones’ battery drain problems. Now, thanks to the 3C39 firmware update, we can confidently recommend Apple’s premium headphones to people who want a premium listening experience (and don’t mind the $550 price tag).

Source: Apple via 9to5Mac

Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Andrew Heinzman

« Older posts