Kategorie
Microsoft’s Secure Boot has been broken for a decade and no one noticed until now
An industry-wide standard Microsoft invented to protect Windows, and later Linux, devices from firmware infections has been trivial to bypass for 13 of its 14 years of existence. The discovery was made by researchers at security firm ESET after identifying 11 firmware images, at least one from 2013, that were known to be defective but remained signed by the software company anyway.
The images are known as shims, which were invented to extend Secure Boot to Linux devices and utility software. Using a technique simple enough to be performed by novice hackers, these old, forgotten shims can be used to completely circumvent the protection, which is embedded into the UEFI (Unified Extensible Firmware Interface) of the device's motherboard. The gaffe is the result of Microsoft, which oversees the signing of shims, failing to revoke the publicly available images once vulnerabilities were found in them.
Threat extends to Windows and Linux usersThe threat extends to Windows and Linux users alike, since the shim can be installed on devices running both operating systems. From there, an attacker can subvert the mandated chain of digitally signed firmware to install malicious firmware that loads early in the boot process and persists after either the OS is reinstalled or a hard drive is replaced.
SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now
Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack
Spanish Police take down €140 million cyber fraud ring, arrest four
Nearly 300 GitHub repos pose as legit software to push malware
Microsoft releases Windows 10 KB5099539 extended security update
SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data
Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days
Windows 11 KB5101650 & KB5099414 cumulative updates released
Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads
LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts
Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown
Siri AI steals the show as the iOS 27 public beta lands
Apple has released the first public betas of its “27” series of operating systems, and feedback so far suggests they’re already very stable builds, even at this early end of the release cycle.
For most intrepid public beta testers, the big attractions here are Siri AI and the heavily improved Apple Intelligence tools – though Siri AI is not yet available in Europe due to regulatory problems there. Overnight social media commentary has been highly positive, with Siri widely seen as delivering on what we always thought it should be rather than the limited product it became.
Caveat emptorOnce installed, the new operating system is fast and better performing on the iPhone, though there are some limitations anyone considering the beta should consider first:
- This is beta software; things can and sometimes do go wrong. So don’t install it on your primary device unless you know how to restore your device and its data.
- Some critical apps such as banking tools, VPNs and some smart home management software are reported to be unstable at times.
- Once the public beta is first installed, there’s a lengthy period during which your device will rebuild its database; this can take many hours and performance will be affected.
- As the OS beds in, users might experience sudden battery drain or the device might seem warmer than usual.
- You’ll need to join a lengthy Siri waitlist before you can install the updated Siri AI.
- Siri AI requires significant hardware capabilities and only runs on iPhone 15 Pro, iPhone 16 and iPhone 17 models. Alternatively, you must have an M1 or later Mac or an iPad running an M1 chip or later, or A17 Pro (iPad mini).
Siri AI is the big reward here. Joanna Stern called it “significantly better.” It will provide you with much better responses than its predecessor, and its contextual understanding is sophisticated and advanced.
That’s because Siri can search across your messages, emails, photos and more to help you find what you’re looking for and has some understanding of where you are and what you are doing to help it make even more accurate decisions. It is faster than it’s ever been with a dedicated app (which includes logs of your interactions) and a new glowing design when activated.
The assistant can now hold an ongoing conversation with you, understands what’s on screen, and take some actions in apps. One way that might be useful is if you are looking at a recipe online, you can ask Siri to write up a shopping list for the recipe ingredients and paste it in a Note. Siri has become much more knowledgeable than in the past thanks to its expanded and updated world knowledge database.
Apple Intelligence has been beefed up, too, with keyboard tools much improved on the last version. Siri can even reflect your personal tone and style based on the person you’re communicating with when sending a Mail or Messages post.
Apple and the imageThe Camera app now has a new Siri mode; it can do things like identify objects and people, or import event details from a leaflet. You can easily search or ask questions about what’s around you, and there are useful new actions you can take, such as getting nutritional insights about a plate of food.
Image Playground wasn’t terribly impressive when it first appeared, and a lot of people did little with it. It seems much better now, capable of generating photo-realistic images in virtually any style from natural language prompts or editing existing images. It’s a useful step up.
Another impressive feature is Spatial Reframing. This lets you shift the composition of a photo after you’ve taken it, using AI to create accurate renditions of what is outside the frame. A new Extend tool lets you expand images, which is useful for adjusting aspect ratios or creating Lock Screen wallpapers.
The future on your wristIf you use an Apple Watch, you’ll be impressed, as the contextual AI extends to that device. So, you can have context-savvy conversations with your watch and ask it to do tasks on your behalf. It makes it feel like a bona fide computer on your wrist and bodes well for other future wearable products from the company.
There are lots of other interesting features in the beta. Call Context can automatically surface the information you need, like a confirmation code or reservation number, when calling up a business. And a new Notify Me feature in Safari lets you know when a web page changes, so you can watch for stock availability or ticket sales.
How to install the betaIf you’re interested in installing the new OSes, Apple’s Beta Software Program website should be your first port of call. You’ll need to sign in to access the betas using your Apple Account. Once you’ve done that, open Settings and go to Software Update; there you can select Beta Updates and choose the 27 series Public beta. Tap Update Now and the installation will begin.
You can follow me on social media! Join me on BlueSky, LinkedIn, Mastodon, and subscribe to The Core.
LastPass, Bitwarden users targeted with fake security alerts
GhostLock Exposes an Uncomfortable Truth About Open Source Security
You Don't Have to Run an Exploit to Know If You're Vulnerable
RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata
How Linux Security Teams Spot Vulnerabilities Before CVEs Are Published
Microsoft Entra ID gets passkeys default authentication starting September
New phishing kits target Microsoft 365 accounts, evade MFA
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- …
- následující ›
- poslední »



