Checklist 324: Real Threats from Artificial Intelligence
On this week’s Checklist:
- Important Apple security updates
- AI and cybersecurity
- The FBI agrees with us
Apple updates iOS, iPadOS, macOS, and Safari
Apple has just released important security updates for its major OSes and Safari. The updates were issued as macOS 13.3.1 (Ventura), macOS 12.6.5 (Monterey), and macOS 11.7.6 (Big Sur); iOS 16.4.1 and 15.7.5; iPadOS 16.4.1 and 15.7.5; and Safari 16.4.1.
The updates patched two different security vulnerabilities:
- A WebKit bug that could have allowed bad guys to gain code execution using maliciously crafted web content.
- A framework flaw that could have let a malicious application execute code with kernel permissions.
Apple says that it has received “reports” of the vulnerabilities being actively exploited—which we tend to take as a sign that these bugs are actually being abused in the wild. If you are running an operating system for which one of the above patches is available, update your device right away.
Is ChatGPT causing cybersecurity issues?
ChatGPT, the large language model (LLM) chatbot, has been blamed for many ills. Now we can add cybersecurity problems to the list—although this may not be entirely the fault of the next-generation AI chatbot.
Cyberhaven has released a report that says numerous company employees are attempting to use ChatGPT in their day-to-day work—and are carelessly entering sensitive company data into the AI tool in the process. The risk is considered significant enough that large companies like JP Morgan and Verizon have now banned ChatGPT at the office.
Stories like this are a reminder of an important cybersecurity principle:
Whenever a new technology is available, it’s wise to be cautious. The risks and potential threats involved are poorly understood. In addition, bad guys try to take advantage of new technology. Be wary of anything to do with ChatGPT at the moment—and be sure to check and double-check any software, extensions, or tools that claim to be associated with ChatGPT.
Low battery? Be careful…
Way back on Checklist 164, we said that public phone charging stations were a potential security risk, because one can never be sure if a bad actor has tampered with them.
It seems that the FBI agrees—and has just released a PSA on Twitter advising the public to avoid “free charging stations in airports, hotels, or shopping centers.”
A safer option is to use your device’s charger with a standard wall outlet. Hardware hacking tools tend to rely on the cable and its connection to the device, so an electrical outlet presents less risk. An even better option: Carry your own portable charger or battery case when you’re out and about in order to avoid unknown outlets.
Lastly, keep in mind that security researchers have proven the viability of Lightning cables as hacking tools, so Apple users should heed this warning as well!