macos Archives - Planet IT

Azure AD is becoming Microsoft Entra ID

July 14, 2023/in Backup, Cloud, data, datacentre, Education, IT Security, Latest Tech, Security, Software, windows 11 /by Lewis Kitchen

You may not yet be too familiar with Microsoft Entra, but it’s about to become a much bigger part of your Microsoft environment.

Microsoft Azure AD, the cloud-based identity and access management solution that powers millions of organisations, is becoming Microsoft Entra ID.

This change reflects Microsoft’s vision to provide a unified and comprehensive identity platform that helps you secure your organization, empower your employees, and enable your digital transformation.

With Microsoft Entra ID, you can benefit from the latest innovations in identity protection, governance, and management, as well as seamless integration with Microsoft 365, Azure, and other cloud services.

ID Protection: Prevent account compromise with machine learning.

ID Protection helps you detect and stop identity attacks in real time. It uses advanced machine learning to identify sign-in anomalies and user behaviour that indicate a risk of compromise. For example, it can trigger a Conditional Access policy that requires strong authentication methods for accessing sensitive resources. This way, you can protect your accounts from phishing, malware, and other threats.

ID Dashboard: Monitor your identity security posture with insights and recommendations.

ID Dashboard shows you the impact of your identity protections, the most common attack patterns, and your organisation’s risk exposure. You can view metric cards and attack graphs that show risk origins, security posture over time, and types of current attacks. You can also get recommendations based on best practices and industry standards. With these insights, you can further investigate your security posture in other tools and applications.

ID Governance: Automate access governance with workflows and self-service.

ID Governance helps you ensure that only the right identities have the right access at the right time. It automates the employee identity lifecycle to reduce manual work for IT and increase employee productivity. It also provides machine learning-based insights about identities and app entitlements. You can use workflows and self-service to grant and revoke access to cloud and on-premises apps from any provider and custom-built apps hosted in the public cloud or on-premises. This way, you can comply with organizational and regulatory security requirements.

Apple Software – Critical WebKit Vulnerability: CVE-2023-37450

July 14, 2023/in Backup, Cloud, data, datacentre, Education, IT Security, Latest Tech, Security, Software, windows 11 /by Simon Williams

Apple has recently released a number of security advisories to address a zero-day vulnerability in Safari, iOS, iPadOS, and macOS Ventura. An attacker could exploit this vulnerability (being tracked as CVE-2023-37450) to achieve remote code execution. It has been reported that this vulnerability is being actively exploited, which means that attackers are currently using this security flaw to gain unauthorised access to systems, potentially leading to data theft, system damage, or other malicious activities. It is therefore imperative that you check and apply these patches as soon as possible.

Apple Rapid Security Response

Apple has rolled out a new protocol, termed Rapid Security Responses, to expedite the release of critical security enhancements in between regular software updates for iOS, iPadOS, and macOS. This approach allows for a more immediate response to certain security issues such as this one. Upon the application of a Rapid Security Response, a letter is appended to the software version number, indicating that the update has been implemented.

Who and What is Affected?

The vulnerability affects all devices running: iOS, iPadOS, and macOS Ventura that have not been updated to the latest security patches. This includes iPhones, iPads, and Mac computers. The exploit could be triggered by a vulnerable browser processing specially crafted (malicious) web content, leading to remote code execution.

How Can Attackers Exploit This Vulnerability?

Attackers can exploit this vulnerability by creating a webpage or web content that includes malicious code designed to exploit the vulnerability in Apple WebKit. They then need to trick the victim into opening this malicious webpage. This could be done through a phishing email, a message, or by compromising a website that the victim trusts and visits often. Once the victim opens the malicious webpage on a vulnerable browser, the malicious code is executed.

What Could Happen If This Vulnerability Is Exploited?

With the ability to execute arbitrary code, an attacker could potentially gain control over the victim’s device. This could allow them to install malware, steal sensitive data, create backdoors for future access, and more. In essence, the attacker could gain the same access to the device as the user, leading to a significant breach of privacy and security.

How to Patch This Vulnerability?

Apple has addressed this issue with improved checks in their Rapid Security Response updates. The patches were initially released for macOS Ventura 13.4.1 (a), iOS 16.5.1 (a), iPadOS 16.5.1 (a), and Safari 16.5.2. However, due to a bug in Safari, some of the updates were pulled. Apple has since released new fixes to address this issue.

To patch this vulnerability, users should update their devices to the latest software versions:

iOS 16.5.1 (a) and iPadOS 16.5.1 (a), released on July 10, 2023.

iOS 16.5.1 (c) and iPadOS 16.5.1 (c), released on July 12, 2023.

macOS Ventura 13.4.1 (a), released on July 10, 2023.

To check for updates, go to the settings of your device, select ‘General’, and then ‘Software Update’. If an update is available, tap ‘Download and Install’.

Again, big changes coming with macOS Big Sur – be careful for now

November 4, 2020/in Backup, Cloud, General, IT Security, macOS, Software /by James Dell

macOS Big Sur is about to release to the public and as we have highlighted across several of our blog posts in the last few months, this brings large scale changes.

If you are running any of the following on your macOS device;

Antivirus or Antimalware software
Encryption Management software (File Vault Management)
Virtualization Applications
Dual Booting / Boot Camp
Containerized Applications

The we strongly recommend you hold off updating when the update is released, this follows several press statements from major software vendors like this one from Sophos. In which they detail the challenges of the short time frame and moving to Apples new API approach.

If you have any concerns of about your business software or upgrading we recommend that you speak to your Planet IT account manager who will be able to assist you with compatibility guides and information from the vendors specific to your business. If you’re not already a Planet IT client, then feel free to reach out to me directly on [email protected]

The landscape and support for macOS Big Sur WILL improve. We do not expect this to happen in the next few weeks but do expect most vendors to have support by the end of 2020.

To read more on this story you can see our previous blog posts on the subject here:

This might sound controversial, but resist that big MacOS update, for now!

macOS the big change with Big Sur

We know this goes against the usual advice you might hear from us or other IT experts, so in the meantime if you would like to discuss with myself or any of the highly skilled team here at Planet IT about how to keep your business operating, secure and safe in the changing world of the Mac you can reach us using the contact details below;

Contact me at – LinkedIn Message James Dell or Email : [email protected]

Talk to the rest of the team – Call 01235 433900 or Email : [email protected]

Posts