Page 9 - August_Newsletter_2022
Apple said the WebKit bug could be exploited if a vulnerable device accessed or processed 'maliciously crafted
web content that may lead to arbitrary code execution'.
The second bug allowed a malicious application 'to execute arbitrary code with kernel privileges,' which
means full access to the device.
The two flaws are believed to be related.
Apple's explanation of the vulnerability means a hacker could get 'full admin access to the device' so that they
can 'execute any code as if they are you, the user'.
Criminals posting counterfeit Microsoft products to get access to victims' computers
Microsoft has confirmed that criminals are posting counterfeit packages designed to appear like Office products
in order to defraud people.
One such package is manufactured to a convincing standard and contains an engraved USB drive, alongside a
product key.
But the USB does not install Microsoft Office when plugged into a computer. Instead, it contains malicious
software which encourages the victim to call a fake support line and hand over access to their PC to a remote
attacker.
Microsoft launched an internal investigation into the suspect package. The company spokesperson confirmed
that the USB and the packaging were counterfeit and that they had seen a pattern of such products being used
to scam victims before.
They added that while Microsoft had seen this type of fraud, it is very infrequent. More often when fraudulent
products are sold they tend to be product keys sent to customers via email, with a link to a site for downloading
the malicious software.
"Microsoft is committed to helping protect our customers. We take appropriate action to remove any suspected
unlicensed or counterfeit products from the market and to hold those targeting our customers accountable,"
the spokesperson said.
Unlike phishing emails and other forms of online scam which can be distributed to millions of potential victims
with negligible costs for the criminals, physical packages will cost a significant amount to manufacture
and post, meaning they risk a much lower return on investment for criminal enterprises.
As soon as the victim had plugged the USB into the computer, a warning screen appeared saying there was a virus.
To get help and fix the issue, they needed to call a toll-free number to get the computer up and running again.
As soon as they called the number on screen, the helpdesk installed some sort of TeamViewer (remote access
program) and took control of the victim's computer.
The best bit of advice, either for this attack or others, is to follow the 'Stop, Think, and Decide' model.
Are you expecting this parcel? Is this a product that Microsoft offers? If you do get stuck, use a search engine
to find the correct helpline number, rather than trusting one provided by the suspect product.

