For this latest edition of the Weekly Cybernote, we have chosen three hot topics that have made waves this week in the cybersecurity ecosystem. First of all, we will talk about the notorious vulnerability on Internet Explorer that gave Windows XP users quite a scare. Then, we will continue on the subject of browsers with the flaw that targets Safari in Mac OSX. Lastly, we will discuss France’s place in the annual number of cyber-attacks.
The zero-day vulnerability on Internet Explorer fixed in Windows XP
Microsoft seems to have hogged the headlines this week, with a zero-day flaw targeting Internet Explorer. Having announced the end of support for Windows XP on April 8th, Microsoft had decided not to provide any patches for this vulnerability under the OS. On May 1st, Microsoft obviously had a change of heart and provided a security patch (MS14-021) that is valid for all versions of Internet Explorer (IE6 to IE11), and for all versions of Windows (including XP). Adrienne Hall, General Manager at Microsoft, also explained that the buzz surrounding this vulnerability had been exaggerated, as very few attacks had been launched on this particular flaw. Whatever it is, people are starting to wonder what Microsoft’s position is with regard to Windows XP, which was supposed to no longer be patched since 8 April.
A security flaw that went unfixed for three weeks on Safari iOS
Safari may not create as much buzz as Internet Explorer due to a smaller following, but security issues have clearly marred Apple’s signature browser. According to a former Apple security engineer, iOS users remained exposed to known security issues – previously patched in Safari for Mac OSX – for more than three weeks. In short, the vendor let three weeks go by between its patch for Safari Mac and the one for Safari iOS. Kristin Paget, the security researcher in question, left Apple in late January to join Tesla Motors. Incidentally, she was a vocal critic of the way Apple delivered fixes.
France one of the top 5 European nations exposed to advanced threats
According to a report published by FireEye, France was in the top 5 European countries most affected by targeted attacks. It even holds the record number of economic sectors hit by professional cybercriminals. From agriculture to finance, and technology and education, all sectors were recently treated to their dose of advanced and targeted attacks, commonly known as APTs. France came in fifth among the European national with the highest number of APTs, behind Germany, the UK, Switzerland and Luxemburg. The sectors that were affected the most were the public sector (25%) and finance (22%).