Patch Tuesday February 2023: time to show your computing devices some security love.
Patch Tuesday February 2023
Time to show all your small business computing devices some security love. If you’re not sure why you should patch or what to patch, read my Patch Primer for Small Business.
Urgent Apple update
Apple released updates for macOS and iThingys to fix a zero day vulnerability in its WebKit browser engine. Apple reports they are aware that this issue may have been actively exploited.
Updates macOS13.2.1, iOS 16.3.1, iPad 16.3.1 and Safari 16.3.1 fix the flaw. Apple also fixed another flaw (providing very few details) that again affects macOS and iThingys.
Hackers are definitely taking a bite out of Apple this month.
Car Security: Hyundai and Kia
A new category this month. Hyundai and Kia are rushing out software updates for their vehicles. Recently some ne’er-do-wells posted a video on TikTok showing how to hijack Hyundai and Kia cars by removing the steering column protector which exposes a USB-A slot that can be used to start the car. The video went viral leading to lots of hacked cars.
Apparently the software updates at the dealerships will take just under an hour.
More details on Hyundai and Kia USB hack here.
Adobe updated Photoshop, Bridge, Connect and Framework this month. No updates for Acrobat or Acrobat reader.
Small businesses who don’t need a Windows server but want some kind file server sometimes use QNAP devices. QNAP devices need security love too. Researchers estimate there are tens of thousands of QNAP devices in office and homes that are vulnerable to attack without security updates.
More on the QNAP security update here.
Before I get to the security updates I want mention two big changes coming to Windows. The first is Microsoft is removing Internet Explorer from your computer. Remember Internet Explorer? Microsoft released the last version of Internet Explorer 11 in 2013. Microsoft replaced it Microsoft Edge. If your business still has dependencies on IE 11 you can’t rollback the update removing IE from Windows 10.
The second Microsoft Mayhem moment is Microsoft Edge and Adobe Acrobat are getting married next month. Yes, Microsoft Edge has ditched its old first PDF wife, the free one, for a more expensive younger model.
You will have to pay for the wedding if you use Edge to edit PDFs. You will have to buy Adobe Acrobat to edit PDFs in the browser. Or find some other cheaper product to do the editing. This will start to be rolled out in the March 2023 Patch Tuesday updates. More details in my Edge Getting Married to Acrobat blog.
This Valentine’s Day Microsoft released 75 patches to fix three actively exploited vulnerabilities, nine critical updates and sixty-six important ones. Patches affect both Windows and Microsoft 365/Office products. More details on Microsoft’s Patch Tuesday here.