外觀看似是一台一沒有預載系統的 iMac,但單純只能做為外接螢幕的 Apple Studio Display 的厚度卻又多了 50%,到底是怎麼一回事呢?iFixit 在拆機後給了我們答案。
在拆機報告中,iFixit 表示 Studio Display 的內部結構相當複雜(還是 iMac 易於精簡?),原因是 Apple 把 M1 版 iMac 本來外置的電源供應器都整合到機身裡,所以一打開就會看到有多層設計的電源供應電路板。有了這樣巧妙的工程設計之後,才能做到僅用一根 USB-C 線驅動整片 Studio Display,進行供電和數據傳輸的工作。
另外一個 Studio Display 的賣點,就是飽受批評的具人物置中功能 12MP 超廣角相機,iFixit 發現其模組是跟 iPhone 11 的完全一樣,所以大家理應能獲得比評測表現更好的視訊體驗才是。
選擇自動更新 iOS 通常比較慢接收到通知?Apple 說這是合理的
Apple 經常以他們 iOS 更新度高、滲透速度快而自豪,同時也經常提醒用戶可以選用 iOS 的自動下載更新功能來簡化步驟。不過也有一些用戶發現,選用了自動更新的功能後,反倒在每次有 iOS 更新推出時都要再多等一下子,才會看到裝置有接收到更新的通知。為此, Reddit 用戶 u/Kechoopix 就特意透過電腦向負責 iOS 的 Apple SVP Craig Federighi 查詢,而且更獲得了意外誠實的回覆。
MacRumors 引述回覆電郵的內容報導,Federighi 確認用戶自行進入設定頁來查看 iOS 更新包,是會直接取得更新;但如果用戶是依賴自動更新機制來獲得更新,通常會在獲得首批用戶的回饋後的 1 至 4 星期內,再陸續收到通知。
有關的做法似乎是合理的,因為 Apple 在推送更新包後,也是需要有實際用戶回報有沒有其他的 bug 藏著,然後再盡早修正。因此選用自動更新的大多數使用者,會獲得更穩定的新版本系統。同時考慮到 Apple 裝置的龐大數量,伺服器也的確會需要些時間才能比較大規模地推送。
風險: 中度風險
類型: 操作系統 - LINUX
於 Linux 內核發現多個漏洞。攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、繞過保安限制、權限提升及敏感資料洩露。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
對於 SUSE
對於 Ubuntu
對於 Red Hat
RISK: Medium Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities were identified in Linux Kernel. A attacker could exploit some of these vulnerabilities to trigger denial of service condition, security restriction bypass, elevation of privilege and sensitive information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
For SUSE
For Ubuntu
For Red Hat
風險: 極高度風險
類型: 保安軟件及應用設備 - 保安軟件及應用設備
在 Sophos Firewall 發現一個漏洞。遠端使用者可利用此漏洞,於目標系統觸發遠端執行任意程式碼。
[更新於 2022-03-30] CVE-2022-1040 漏洞正被廣泛利用,風險程度相應地由中度風險升級到極高度風險。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
注意:已啟用了“允許自動安裝修補程序”功能的 Sophos Firewall 客戶無需執行任何操作。預設設置是已啟用。
RISK: Extremely High Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability has been identified in Sophos Firewall. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.
[Updated on 2022-03-30] CVE-2022-1040 is being exploited in the wild and the risk level is changed from medium risk to extremely high risk correspondingly.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
Note: There is no action required for Sophos Firewall customers with the "Allow automatic installation of hotfixes" feature enabled. Enabled is the default setting.
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼及洩露敏感資料。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and sensitive information disclosure on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 保安軟件及應用設備 - 保安軟件及應用設備
在 Sonicwall Firewall 發現一個漏洞。遠端使用者可利用此漏洞,於目標系統觸發阻斷服務狀況。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability has been identified in Sonicwall Firewall. A remote user can exploit this vulnerability to trigger denial of service condition on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003
RISK: Extremely High Risk
TYPE: Clients - Browsers
A vulnerability was identified in Google Chrome. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.
Note:
CVE-2022-1096 is being exploited in the wild.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Extremely High Risk
TYPE: Clients - Browsers
A vulnerability was identified in Microsoft Edge. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.
Note:
CVE-2022-1096 is being exploited in the wild.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 保安軟件及應用設備 - 保安軟件及應用設備
在 Sophos Firewall 發現一個漏洞。遠端使用者可利用此漏洞,於目標系統觸發遠端執行任意程式碼。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
注意:已啟用了“允許自動安裝修補程序”功能的 Sophos Firewall 客戶無需執行任何操作。預設設置是已啟用。
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability has been identified in Sophos Firewall. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
Note: There is no action required for Sophos Firewall customers with the "Allow automatic installation of hotfixes" feature enabled. Enabled is the default setting.
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
風險: 中度風險
類型: 操作系統 - 雲端及叢集
在 Western Digital My Cloud 發現一個漏洞。遠端使用者可利用此漏洞,於目標系統觸發遠端執行任意程式碼。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
https://www.westerndigital.com/support/product-security/wdc-22006-my-cloud-os5-firmware-5-21-104
https://www.westerndigital.com/support/product-security/wdc-22006-my-cloud-os5-firmware-5-21-104
RISK: Medium Risk
TYPE: Operating Systems - Cloud & Cluster
A vulnerability has been identified in Western Digital My Cloud. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
https://www.westerndigital.com/support/product-security/wdc-22006-my-cloud-os5-firmware-5-21-104
https://www.westerndigital.com/support/product-security/wdc-22006-my-cloud-os5-firmware-5-21-104
風險: 中度風險
類型: 操作系統 - Network
於 F5 產品中發現一個漏洞。遠端攻擊者可利用這個漏洞,於目標系統觸發阻斷服務狀況。
BIG-IP (all modules)
Traffix SDC
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
https://support.f5.com/csp/article/K31323265
RISK: Medium Risk
TYPE: Operating Systems - Networks OS
A vulnerability was identified in F5 Products. A remote attacker could exploit this vulnerability to trigger denial of service condition.
BIG-IP (all modules)
Traffix SDC
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
https://support.f5.com/csp/article/K31323265
風險: 中度風險
類型: 操作系統 - LINUX
於 Linux 內核發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼及權限提升。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
對於 SUSE
對於 Ubuntu
RISK: Medium Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities were identified in Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and elevation of privilege on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
For SUSE
For Ubuntu
風險: 中度風險
類型: 操作系統 - Network
於 Netgear 產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、洩露敏感資料及繞過保安限制。
詳情請參閱以下連結﹕
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
