iGaming Business magazine iGB 112 Sept/Oct 2018 | Page 18
Tech & Innovation
Information security ROUND-UP
Justin Bellinger analyses the latest threats to our infrastructure and
livelihoods and shares fixes and patches for them. In wider news, he takes
a look at points of interest from hacking conference DefCon 2018.
Justin Bellinger is carrier, wholesale and business
development director at Sure International, based in Guernsey.
He has been integral in driving forward the company’s
global igaming strategy and his portfolio includes some of
the biggest brands in the sector.
Software
Microsoft has rolled out some 60 patches in the latest
Patch Tuesday release, including two zero-day patches
in the 19 critical flaws that were fixed in the releases.
A further 39 important flaws were also fixed in the
cumulative updates. All fixes are covered off in updates
for all versions of Windows, including Microsoft Edge,
Internet Explorer, Microsoft Office, Visual Studio, .NET
Framework, Microsoft SQL Server, Microsoft Exchange
Server and Adobe Flash Player.
Apple’s latest releases are iOS 11.4.1 for iPhone, iPad, or
iPod touch, while macOS is now on 10.13.6, tvOS is 11.4.1
and watchOS is on 4.3.2. Some 12 security patches were
included in iOS 11.4.1, the majority of which addressed
flaws in WebKit.
The good news is that USB Restricted Mode made it
into iOS 11.4.1, making it much harder for anyone who
has misappropriated your device to crack it through the
Lightning port. The feature is disabled by default but you’ll
find it in the Touch ID and Passcodes section in settings.
A useful tip is that if you need to enable this mode
in a hurry, pressing the power button on your phone
five times in quick succession will enable the mode
irrespective of the switch in the settings.
Recent updates to macOS 10.13.6 also address some
12 security flaws in the operating system. Since the
update was released, news has emerged from DefCon
2018 that it is possible to dupe macOS, through
synthetic mouse clicks, into bypassing security prompts.
Digita Security’s chief research officer Patrick Wardle
accidentally discovered the flaw after pasting two
consecutive synthetic “down” clicks into some code and
compiling it. The synthetic clicks were misinterpreted by
High Sierra as a manual legitimate click.
It is expected that new features in macOS 10.14
Mojave will prevent such attacks from occurring, as
they completely block all synthetic events. Apple’s new
operating system is due out later this year.
Linux has been affected by two bugs, FragmentSmack
and SegmentSmack. Both of the bugs, which affect
Red Hat and Ubuntu among other variants of Linux,
could trigger a remote denial of service attack through
very small amounts of data. Check with your maintainer
for any information on mitigation or patches for affected
kernel versions.
Oracle has urged users to install a critical patch
as soon as possible. Oracle Database versions 11.2.0.4,
12.1.0.2 and 12.2.0.1 are all affected by an attack that
can be executed remotely. The attack can result in
complete compromise of the Oracle Database and
shell access to the underlying server. The new patch
takes the company outside of its normal quarterly
patch release schedule. Further details can be found
under CVE-2018-3110.
Network and hardware
Intel is reeling from yet another security flaw on some
of its chips, the third time this year after the discovery
of Meltdown and Spectre in January. The company has