Patch Tuesday December 2021

Patch Tuesday December 2021: evergreen security updates and advice for your small business. Why update? Besides security, more and more software vendors are refusing to patch or support older versions of software. This means your software will stop working or parts of the software will stop working.

Apple Bytes

Apple released a ton of security updates yesterday (December 13th) for all their devices. All their devices running the 4 most recent versions of Apple software that is.

Two really interesting items were updated. One is that iOS 15.2 has updated the Privacy feature so you can now view which apps have have accessed your location, photos, camera, microphone, contacts and more during the last seven days, as well as their network activity and how often.

Apple has also updated your Apple ID so you can designate people as your Legacy Contacts who can access your iCloud account and data in the event of your death.

An unwanted update to iOS 15.2 is Apple constantly prompting to add a credit card to Apple Pay. It does this under the pretense of “finish setting up your device”.

More about all the Apple security bytes here.

Microsoft Mayhem

Microsoft released updates to fix six critical vulnerabilities this Patch Tuesday December 2021. Windows 10 users will find two updates to install. I found it made Windows 10 really unstable after the reboot. Not only was Windows slow, every program was slow loading and operating including Microsoft Edge and Office software like Word. Looking at the task manager, it was still running install services after downloading, installing, rebooting with more installing.

I highly recommend you carefully schedule installing these updates. Allow lots of time before you will be able to actually use your computer for work.

Google Chrome

Google updated Chrome as part of Patch Tuesday. In Chrome go to the three little dots on the upper right hand side. Click Help and then About Chrome. Check for updates.

I suspect this update is related to the Log4Shell vulnerability affecting multiple web services.

Log4Shell Vulnerability

You may have seen headlines recently about a vulnerability in a computer software that has invited 100 hacking attempts a minute. This is the Log4Shell vulnerability that affects the Java programming language. Java is used primarily in web sites and web applications.

Cloud services like Apple iCloud, Steam and the app Minecraft are already known to be vulnerable.

Hackers have been user the vulnerability to install crypto-currency minters, steal logins and extract data.

The only thing a small business owner can do about this one is wait for vendors to update their software. Unless your business runs your own server using open-source software (i.e. Linux) or a custom designed java based web application, then you need to worry.

More details on Log4Shell here.

Patch Tuesday December 2021

An ounce of patching is cheaper than a pound of hacking.