
Chatter Has Value: An Informed IT Workforce Is An Important Cybersecurity Prevention Strategy

A security researcher recently published details about a Safari browser bug after Apple delayed creating a patch.

The bug is in Safari's implementation of the Web Share API, a cross-browser API for sharing text, links, files, and other content. The bug could be used to leak or steal files from users' devices. For example, a malicious web page could invite users to email an article to their friends, then secretly steal a file from their device.

The researcher who discovered the bug said that it is "not very serious" because social engineering and user interaction are necessary for files to be leaked. However, he did say that it is easy for cybercriminals "to make the shared file invisible to the user."

The researcher first reported the bug to Apple in April 2020. However, Apple delayed patching the bug until spring of 2021. Apple also allegedly tried to stop the researcher from publishing his findings until next spring.

Others have accused Apple of delaying patches and trying to silence security researchers. Google's Project Zero security team refused to participate in Apple's Security Research Device program because it claimed the rules were designed to limit public disclosure and keep researchers silent about their findings.

The infosec industry generally accepts a standard 90-day vulnerability disclosure deadline.

Source: Catalin Cimpanu, "Security researcher discloses Safari bug after Apple delays patch" (Aug. 25, 2020).



Often, before an official announcement, others are already discussing newly discovered risks. Cybersecurity companies will often announce when they find flaws in software that could lead to a future breach.

Following security-oriented forums and chatrooms is an early warning strategy that can help you address risks sooner. Addressing risks sooner limits damage.

Consequently, it is important to monitor cybersecurity news sources in order to stay current. Although you can often count on software companies to release patches to protect you from the latest threats, it is not a guarantee.

There are a number of quality news sources for information about cyber risks. You can also follow the Department of Homeland Security’s Cybersecurity News and Updates.

In addition, this website provides information on many recent cybersecurity threats.

Of course, installing patches as soon as they become available is still essential to a strong cybersecurity practice. Set computers and devices to update automatically, or always install updates as soon as you are notified.
