SlideShare a Scribd company logo

Advisory-65.pdf

K
KalimullahKhan17

Cyber Security

Technology
1 of 2
Download to read offline
Cr- (4) Disable iMessage feature available in iPhones. GOVERNMENT OF PAKISTAN CABINET SECRETARIAT CABINET DIVISION (NTISB) No. 1-5/2003/24(NTISB-II) Islamabad, the 21st November, 2023 Subject. - Cyber Security Advisory - Apple Products Operation Triangulation Linked with CVE Patch Update (Advisory No. 65) Introduction. Apple has released security patches to mitigate critical vulnerability, CVE-2023-32434 (Integer overflow vulnerability). In July, 2023, Apple had fixed three CVEs linked with the Operation triangulation as follows: CVE-2023-32435. CVE-2023-38606. CVE-2023-41990. Impact. CVE-2023-32434 is being actively exploited by threat actors in connection with "Operation Triangulation" to execute malicious code (with kernel privileges) to gain unauthorized access of victim devices. Affected Products. Apple iPhone, iPad and iPod running iOS version 15.7 and below are affected with the above-mentioned vulnerability and consequently patches/updated versions are available. Recommendations. Above in view, all users are advised to ensure the f oWing: a. Specific Safety Steps All Apple users should immediately upgrade to iOS latest version (17.0.3 or above). Kaspersky Lab's online malware scanning/detection tool named as "triangle_check_tool" may be utilized to inspect suspicious Apple devices. Enable Lockdown Mode (optional; extreme protection mode) to block cyber-attack. M (112-0PS) M (IFt-P) M (Ci:',..OP'l 1 i( I fv11Ji M (1;..11 ) f.il (Ref ormr.`, mi Ii.20.11?.. ACC. Cm) .Ac 1-.:1 Sot y (1+, ..v.Div.) N..." j c.I'S
Generic Security Steps for Apple Users Protect devices with strong passcodes and use two factor authentications on Apple ID. Install apps from official Apple Store only to avoid malware/infection Use anonymity-based solutions (over intemet while surfing) and mask identiiy-of key appointment holders/individuals. Always disable location from Apple devices. Subscribe to Apple's security bulletins, threat notifications and auto OS update features. 5. Kindly disseminate the above information to all concerned in your organizations, all attached/affiliated departments and ensure necessary protective measures. ; (Muhammad lisman Taric) Assistant Slecretary (NTISB-II) Ph# 051-9204560 All Secretaries of Ministries/Divisions of the Federal Government and Chief Secretaries of the Provincial Governments Copy to: Principal Secretary to the PM, Prime Minister's Secretariat, Islamabad Secretary to the President, Aiwan-e-Sadar, Islamabad Cabinet Secretary, Cabinet Division, Islamabad Additional Secretary-Ill, Cabinet Division, Islamabad Director General (Tech), Dte Gen, ISI Islamabad Director (IT), Cabinet Division, Islamabad

Recommended

Mobile threat-report-mid-year-2018 en-us-1.0
Mobile threat-report-mid-year-2018 en-us-1.0Mobile threat-report-mid-year-2018 en-us-1.0
Mobile threat-report-mid-year-2018 en-us-1.0
mobileironmarketing
 
ME Information Security
ME Information SecurityME Information Security
ME Information Security
Mohamed Monsef
 
NSA advisory about state sponsored cybersecurity threats
NSA advisory about state sponsored cybersecurity threatsNSA advisory about state sponsored cybersecurity threats
NSA advisory about state sponsored cybersecurity threats
Ronald Bartels
 
Presentation about security i.t.
Presentation about security i.t.Presentation about security i.t.
Presentation about security i.t.
MarianaGilMartnez1
 
Presentation about security I.T.
Presentation about security I.T.Presentation about security I.T.
Presentation about security I.T.
HugoBarrionuevoSobri
 
Advanced Mobile Safety with SAFEFI
Advanced Mobile Safety with SAFEFI Advanced Mobile Safety with SAFEFI
Advanced Mobile Safety with SAFEFI
Dr. Edwin Hernandez
 
iPhone and iPad Security
iPhone and iPad SecurityiPhone and iPad Security
iPhone and iPad Security
Simon Guest
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015
SLBdiensten
 

Recommended

Mobile threat-report-mid-year-2018 en-us-1.0
Mobile threat-report-mid-year-2018 en-us-1.0Mobile threat-report-mid-year-2018 en-us-1.0
Mobile threat-report-mid-year-2018 en-us-1.0
mobileironmarketing
 
ME Information Security
ME Information SecurityME Information Security
ME Information Security
Mohamed Monsef
 
NSA advisory about state sponsored cybersecurity threats
NSA advisory about state sponsored cybersecurity threatsNSA advisory about state sponsored cybersecurity threats
NSA advisory about state sponsored cybersecurity threats
Ronald Bartels
 
Presentation about security i.t.
Presentation about security i.t.Presentation about security i.t.
Presentation about security i.t.
MarianaGilMartnez1
 
Presentation about security I.T.
Presentation about security I.T.Presentation about security I.T.
Presentation about security I.T.
HugoBarrionuevoSobri
 
Advanced Mobile Safety with SAFEFI
Advanced Mobile Safety with SAFEFI Advanced Mobile Safety with SAFEFI
Advanced Mobile Safety with SAFEFI
Dr. Edwin Hernandez
 
iPhone and iPad Security
iPhone and iPad SecurityiPhone and iPad Security
iPhone and iPad Security
Simon Guest
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015
SLBdiensten
 
MIT-6-determina-vps.ppt
MIT-6-determina-vps.pptMIT-6-determina-vps.ppt
MIT-6-determina-vps.ppt
webhostingguy
 
Top 6-Security-Threats-on-iOS
Top 6-Security-Threats-on-iOSTop 6-Security-Threats-on-iOS
Top 6-Security-Threats-on-iOS
Innovation Network Technologies: InNet
 
OWASP: iOS Spelunking
OWASP: iOS SpelunkingOWASP: iOS Spelunking
OWASP: iOS Spelunking
Mikhail Sosonkin
 
200:1 - Do You Trust Your Mobile Security Odds?
200:1 - Do You Trust Your Mobile Security Odds? 200:1 - Do You Trust Your Mobile Security Odds?
200:1 - Do You Trust Your Mobile Security Odds?
Blueboxer2014
 
Zotob Worm
Zotob WormZotob Worm
Zotob Worm
yotengo4
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference
Fabio Pietrosanti
 
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
qqlan
 
10 security enhancements
10 security enhancements10 security enhancements
10 security enhancements
Vishal Gurujuwada
 
Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it
Moon Technolabs Pvt. Ltd.
 
Computer Literacy Lesson 31
Computer Literacy Lesson 31Computer Literacy Lesson 31
Computer Literacy Lesson 31
cpashke
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
Surya Bathulapalli
 
[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking Trojan[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking Trojan
OWASP EEE
 
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Subho Halder
 
Iommu tracing reviewed
Iommu tracing reviewedIommu tracing reviewed
Iommu tracing reviewed
Samsung Open Source Group
 
[CLASS2014] Palestra Técnica - Franzvitor Fiorim
[CLASS2014] Palestra Técnica - Franzvitor Fiorim[CLASS2014] Palestra Técnica - Franzvitor Fiorim
[CLASS2014] Palestra Técnica - Franzvitor Fiorim
TI Safe
 
Audit and security application
Audit and security applicationAudit and security application
Audit and security application
Rihab Chebbah
 
Forklift Impact Management, Defender system
Forklift Impact Management, Defender systemForklift Impact Management, Defender system
Forklift Impact Management, Defender system
Ted Jurca
 
SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of CarsSAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
Andreas Mai
 
Security Testing Report Hitachi Application Q1 Sep 2015
Security Testing Report Hitachi Application Q1 Sep 2015Security Testing Report Hitachi Application Q1 Sep 2015
Security Testing Report Hitachi Application Q1 Sep 2015
Hitachi Solutions America, Ltd.
 
Untitled 1
Untitled 1Untitled 1
Untitled 1
Sergey Kochergan
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
Samir Dash
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Exakis Nelite
 

More Related Content

Similar to Advisory-65.pdf

MIT-6-determina-vps.ppt
MIT-6-determina-vps.pptMIT-6-determina-vps.ppt
MIT-6-determina-vps.ppt
webhostingguy
 
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
qqlan
 

Similar to Advisory-65.pdf (20)

MIT-6-determina-vps.ppt
MIT-6-determina-vps.pptMIT-6-determina-vps.ppt
MIT-6-determina-vps.ppt
 
Top 6-Security-Threats-on-iOS
Top 6-Security-Threats-on-iOSTop 6-Security-Threats-on-iOS
Top 6-Security-Threats-on-iOS
 
OWASP: iOS Spelunking
OWASP: iOS SpelunkingOWASP: iOS Spelunking
OWASP: iOS Spelunking
 
200:1 - Do You Trust Your Mobile Security Odds?
200:1 - Do You Trust Your Mobile Security Odds? 200:1 - Do You Trust Your Mobile Security Odds?
200:1 - Do You Trust Your Mobile Security Odds?
 
Zotob Worm
Zotob WormZotob Worm
Zotob Worm
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference
 
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
 
10 security enhancements
10 security enhancements10 security enhancements
10 security enhancements
 
Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it
 
Computer Literacy Lesson 31
Computer Literacy Lesson 31Computer Literacy Lesson 31
Computer Literacy Lesson 31
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking Trojan[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking Trojan
 
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
 
Iommu tracing reviewed
Iommu tracing reviewedIommu tracing reviewed
Iommu tracing reviewed
 
[CLASS2014] Palestra Técnica - Franzvitor Fiorim
[CLASS2014] Palestra Técnica - Franzvitor Fiorim[CLASS2014] Palestra Técnica - Franzvitor Fiorim
[CLASS2014] Palestra Técnica - Franzvitor Fiorim
 
Audit and security application
Audit and security applicationAudit and security application
Audit and security application
 
Forklift Impact Management, Defender system
Forklift Impact Management, Defender systemForklift Impact Management, Defender system
Forklift Impact Management, Defender system
 
SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of CarsSAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars
 
Security Testing Report Hitachi Application Q1 Sep 2015
Security Testing Report Hitachi Application Q1 Sep 2015Security Testing Report Hitachi Application Q1 Sep 2015
Security Testing Report Hitachi Application Q1 Sep 2015
 
Untitled 1
Untitled 1Untitled 1
Untitled 1
 

Recently uploaded

Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties ReimaginedEasier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
panagenda
 

Recently uploaded (20)

AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties ReimaginedEasier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
How to Check GPS Location with a Live Tracker in Pakistan
How to Check GPS Location with a Live Tracker in PakistanHow to Check GPS Location with a Live Tracker in Pakistan
How to Check GPS Location with a Live Tracker in Pakistan
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهله
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptx
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
 

Advisory-65.pdf

  • 1. Cr- (4) Disable iMessage feature available in iPhones. GOVERNMENT OF PAKISTAN CABINET SECRETARIAT CABINET DIVISION (NTISB) No. 1-5/2003/24(NTISB-II) Islamabad, the 21st November, 2023 Subject. - Cyber Security Advisory - Apple Products Operation Triangulation Linked with CVE Patch Update (Advisory No. 65) Introduction. Apple has released security patches to mitigate critical vulnerability, CVE-2023-32434 (Integer overflow vulnerability). In July, 2023, Apple had fixed three CVEs linked with the Operation triangulation as follows: CVE-2023-32435. CVE-2023-38606. CVE-2023-41990. Impact. CVE-2023-32434 is being actively exploited by threat actors in connection with "Operation Triangulation" to execute malicious code (with kernel privileges) to gain unauthorized access of victim devices. Affected Products. Apple iPhone, iPad and iPod running iOS version 15.7 and below are affected with the above-mentioned vulnerability and consequently patches/updated versions are available. Recommendations. Above in view, all users are advised to ensure the f oWing: a. Specific Safety Steps All Apple users should immediately upgrade to iOS latest version (17.0.3 or above). Kaspersky Lab's online malware scanning/detection tool named as "triangle_check_tool" may be utilized to inspect suspicious Apple devices. Enable Lockdown Mode (optional; extreme protection mode) to block cyber-attack. M (112-0PS) M (IFt-P) M (Ci:',..OP'l 1 i( I fv11Ji M (1;..11 ) f.il (Ref ormr.`, mi Ii.20.11?.. ACC. Cm) .Ac 1-.:1 Sot y (1+, ..v.Div.) N..." j c.I'S
  • 2. Generic Security Steps for Apple Users Protect devices with strong passcodes and use two factor authentications on Apple ID. Install apps from official Apple Store only to avoid malware/infection Use anonymity-based solutions (over intemet while surfing) and mask identiiy-of key appointment holders/individuals. Always disable location from Apple devices. Subscribe to Apple's security bulletins, threat notifications and auto OS update features. 5. Kindly disseminate the above information to all concerned in your organizations, all attached/affiliated departments and ensure necessary protective measures. ; (Muhammad lisman Taric) Assistant Slecretary (NTISB-II) Ph# 051-9204560 All Secretaries of Ministries/Divisions of the Federal Government and Chief Secretaries of the Provincial Governments Copy to: Principal Secretary to the PM, Prime Minister's Secretariat, Islamabad Secretary to the President, Aiwan-e-Sadar, Islamabad Cabinet Secretary, Cabinet Division, Islamabad Additional Secretary-Ill, Cabinet Division, Islamabad Director General (Tech), Dte Gen, ISI Islamabad Director (IT), Cabinet Division, Islamabad