![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Entry tags:
MAJOR vulnerabilities in Windows 10 and iOS
First, Apple. An exploit was found and weaponized that can root an iPhone or, apparently, also an iPad. You need to update your devices RIGHT NOW is you're running iOS 9. It will update your devices to 9.3.5. It's a small patch, less than 40 meg, so a fairly quick and painless update.
http://arstechnica.com/security/2016/08/actively-exploited-ios-flaws-that-hijack-iphones-likely-spread-for-years/
Windows 10 also has a big problem that is currently not patched, so it requires a registry edit to close the hole.
To update the registry, do the following steps:
Click the Start button, and in the search field, type in "regedit", then select "regedit.exe" from the list of results
Navigate through the tree to "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad"
Once you have the "Wpad" folder selected, right click in the right pane, and click on "New -> DWORD (32-Bit Value)"
Name this new value "WpadOverride"
Double click the new "WpadOverride" value to edit it
In the "Value data" field, replace the "0" with a "1", then click "OK"
Reboot the computer
Obviously this is not a trivial thing to do and messing with the wrong keys and values can brick your computer. I'm not sure if this is also a problem in earlier editions of Windows, so you should do a bit of research before doing something like this. It's already been fixed in most Linux distributions and also in MacOS.
https://it.slashdot.org/story/16/08/13/0149241/disable-wpad-now-or-have-your-accounts-compromised-researchers-warn
http://arstechnica.com/security/2016/08/actively-exploited-ios-flaws-that-hijack-iphones-likely-spread-for-years/
Windows 10 also has a big problem that is currently not patched, so it requires a registry edit to close the hole.
To update the registry, do the following steps:
Click the Start button, and in the search field, type in "regedit", then select "regedit.exe" from the list of results
Navigate through the tree to "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad"
Once you have the "Wpad" folder selected, right click in the right pane, and click on "New -> DWORD (32-Bit Value)"
Name this new value "WpadOverride"
Double click the new "WpadOverride" value to edit it
In the "Value data" field, replace the "0" with a "1", then click "OK"
Reboot the computer
Obviously this is not a trivial thing to do and messing with the wrong keys and values can brick your computer. I'm not sure if this is also a problem in earlier editions of Windows, so you should do a bit of research before doing something like this. It's already been fixed in most Linux distributions and also in MacOS.
https://it.slashdot.org/story/16/08/13/0149241/disable-wpad-now-or-have-your-accounts-compromised-researchers-warn