[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Successor to CentOS] AlmaLinux OS server construction/migration service

[Successor to CentOS] AlmaLinux OS server construction/migration service

[For WordPress only] Cloud server “Web Speed”

[For WordPress only] Cloud server “Web Speed”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Reservation system development] EDISONE customization development service

[Reservation system development] EDISONE customization development service

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[Global exclusive service] Beyond's MSP in North America and China

[Global exclusive service] Beyond's MSP in North America and China

[YouTube] Beyond official channel “Biyomaru Channel”

[YouTube] Beyond official channel “Biyomaru Channel”

[Don't ignore it] The fear of ``vulnerabilities'' seen in iPhones from a while ago [Don't do it]

This is Yamada from the Systems Department.
Lately, a lot of Linux-related vulnerabilities have been announced, and
the server team I belong to has been very busy.
Apache, MySQL, glibc, opennssl...
This time we'll be talking about vulnerabilities that may not seem to concern you, but are actually very relevant.
A must-see for people who often use smartphones and computers.

What is vulnerability? ? ?

Vulnerability. That's a difficult word.
"Vulnerabilities in ____" give the impression of being technical and difficult, but
in essence, they refer to security "flaws" in the software that runs computers.

So, whether you're using a smartphone or a PC,
all complex electronic devices, including the recently popular smart home appliances,
contain some kind of "software."

Since "software" is basically created by humans, it
is naturally possible for it to have unexpected "defects" such as bugs and design mistakes.

That's why when manufacturers notice this "defect" they
provide "software" to fix it.
I often get notifications about ``Windows updates'' or ``iOS updates,'' and
when I look inside, it says something like ``Addressing vulnerabilities related to XXX.''

00-top_m
Something like this

However, I think a lot of people ignore this notification because they think it's a pain or they don't understand it.
That's no good.

fragile old story

This was just a few years ago, when the iPhone 4 was released, and
the OS running the iPhone 4, iOS 4.3.3, had an extremely dangerous vulnerability.

Basically, the parts of the iPhone that can be operated by general users are severely restricted
to ensure security and prevent strange things from getting into the iPhone.

However, it is true that iPhones have long had a practice known as "jailbreaking," and
by removing restrictions placed on general users,
there is a way to access important system settings and files that would normally not be touched. .


requires a process such as
connecting the iPhone to another computer and this "iOS 4.3.3" is more "jailbreaking" than any other terminal so far. was easy.


Surprisingly

, ``iOS 4.3.3'' has a flaw that allows a program that would normally not be executed due to security to be executed when opening a ``PDF'', which is a familiar electronic document file. You can "jailbreak" just by viewing the "PDF" from . That time was only a few tens of seconds.

hanzai_datsugoku

advantage of this to "jailbreak" unlocked iPhones and
remotely control them at will.
There was also a high risk that this "flaw" could be exploited to send a virus while browsing a website.
If you had an iPhone at the time, you could easily have your smartphone hijacked just by visiting a slightly suspicious website. It's scary.

This "flaw" was quickly addressed by Apple by distributing a fixed version of the software, but
ignoring something like this will leave you at risk forever.

Moreover, this is no old story;
just a few months ago, there was talk that a jailbreak method similar to this one would be used in iOS 9.3.2.
This is a story from 2016.

What do you do about being vulnerable? ?

So what should you do?
Basically, you shouldn't ignore update notifications, whether it's Windows, iPhone, Android, JAVA, or iTunes.
Please read the contents carefully, research them, and respond appropriately, even if it is troublesome.
If anything goes wrong, you will be responsible for it.

However, there are also fraudulent viruses that pretend to be security notifications, so you should be careful.

pop

Be careful about this. It's a scam!

By the way, why I chose this story this
time is because the other day I went to check on an acquaintance's PC for maintenance, and she
kept ignoring the "Java Update" notifications, so I thought I'd write this as a reminder. I did.

Now that it's getting colder, please be careful not to damage your body or your PC!

If you are concerned about server security, please click here.

If you found this article helpful , please give it a like!
0
Loading...
0 votes, average: 0.00 / 10
239
X facebook Hatena Bookmark pocket
[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

The person who wrote this article

About the author