Last week both Apple and Google issued critical patches. It is reported that both Apple and Chrome bugs are being exploited in the wild. In addition, news broke about Apples new IOS 17 NameDrop feature, which has prompted police and child advocates to recommend disabling the feature.

Apple has released patches to address two security vulnerabilities in IOS (iPhones and iPad) devices and Mac OS computers.  The vulnerability affects IOS devices running IOS 17 and computers running macOS Monterey, Ventura, and Sonoma systems. Checking and confirming updates on all Apple devices is critical to maintaining security.

Google has released security updates for its Google Chrome browser on all platforms. The critical vulnerability allows compromise of targeted systems by clicking on malicious links and visiting malicious websites.

Apple NameDrop is a feature of the latest IOS 17 that was released in September. It allows users to share contact data simply by bringing two IOS 17 iPhones together. The concern is that users, including children, may inadvertently share contact information with strangers enabling harassment and other illicit behavior. Apple points out that this feature does not work with locked phones and does require approval from the user.

What do I need to do?

Users of mobile devices such as Apple iPhone and iPad should check for and install updates manually. Additionally, we recommend disabling the NameDrop feature.

Specifically users should take the following actions:

• All Mac systems users should complete the installation of patches when prompted and not delay or defer them. Updates can be manual installed following the directions below:
  • Apple MacOS: https://support.apple.com/en-us/HT201541
• Users should check for and install updates for all Apple IOS devices.
  • Apple IOS: https://support.apple.com/guide/iphone/update-ios-iph3e504502/ios
• Disable NameDrop on IOS 17
  • Go to Settings>General>AirDrop and disabling the option titled “Bring Devices Together”

Additional Details:

• https://www.bleepingcomputer.com/news/apple/apple-fixes-two-new-ios-zero-days-in-emergency-updates/
• https://www.macrumors.com/2023/11/27/ios-17-namedrop-misinformation/
• https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-6th-zero-day-exploited-in-2023/

As always if you have any additional questions or concerns about this latest security disclosure, please feel free to reach out.