Microsoft has advised Google that “because of the complexity of the fix, they do not yet have a fixed date set as of yet.” which is surprising as Google provided a great amount of detail on the bug.
Fedex bought and a shut down a company recently that stored 119,000 pieces of scanned customer IDs on an Amazon cloud server which was not secured, leaving the scans online for anyone to find.Fedex bought Bongo International in 2014 which specialised in allowing North American companies to sell overseas. In April 2017 Fedex closed the company but did not perform an audit on it’s data-handling.
Fedex say they can’t find any trace of someone accessing the data, Kromtech, who made the discovery think the data may have been online since 2009.
Mac apps run in a sandbox to aid security and control what resources they can access, however one function they can all access is the screenshot function, which they can do without user intervention, and therefore monitor what you are doing including accessing the usernames and passwords you use.Here are the potential threats
- Read password and keys from password managers
- Detect what web services you use (e.g. email provider)
- Read all emails and messages you open on your Mac
- When a developer is targeted, this allows the attacker to potentially access sensitive source code, API keys or similar data
- Learn personal information about the user, like their bank details, salary, address, etc.
There is currently no solution to this problem.