Microsoft Finally Ending Basic Auth
by Artie Kaye
The function of basic auth has been to allow authentication data to be sent across the internet in plain text. This is a security risk, and the function was announced to be removed in 2019. Starting in October it will be disabled partly, allowing those who still use it to manually turn it back on if needed. Come January, 2023, the entire functionality of basic auth will be terminated. The October changes can be a signal to users who still rely on the functionality, but are not aware of the upcoming retirement. This will cause disruptions for many people. If your systems use basic auth, Microsoft has posted about what you need to do, you can find the link below.
Apple Patches Older Devices
by Artie Kaye
A vulnerability discovered in the WebKit tool on Apple devices was patched. This affects Safari as well as third party web browsing applications. Its function could allow malicious code to be arbitrarily executed. This update is for many older devices released by Apple, ranging from iPhone 5’s to iPad Mini’s. The bug does not afflict iOS 12. If you have an Apple device, please update to protect yourself.
https://www.securityweek.com/ios-12-update-older-iphones-patches-exploited-vulnerability
https://thehackernews.com/2022/09/apple-releases-ios-update-for-older.html