#FactCheck: An image shows Sunita Williams with Trump and Elon Musk post her space return.

Executive Summary:

Apple has quickly responded to two severe zero-day threats, CVE-2024-44308 and CVE-2024-44309 in iOS, macOS, visionOS, and Safari. These defects, actively used in more focused attacks presumably by state actors, allow for code execution and cross-site scripting (XSS). In a report shared by Google’s Threat Analysis Group, the existing gaps prove that modern attacks are highly developed. Apple’s mitigation comprises memory management, especially state management to strengthen device security. Users are encouraged to update their devices as soon as possible, turn on automatic updates and be careful in the internet space to avoid these new threats.

Introduction

Apple has proved its devotion to the security issue releasing the updates fixing two zero-day bugs actively exploited by hackers. The bugs, with the IDs CVE-2024-44308 and CVE-2024-44309, are dangerous and can lead to code execution and cross-site scripting attacks. The vulnerabilities have been employed in attack and the significance of quick patch release for the safety of the users.

Vulnerabilities in Detail

The discovery of vulnerabilities (CVE-2024-44308, CVE-2024-44309) is credited to Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group (TAG). These vulnerabilities were found in JavaScriptCore and WebKit, integral components of Apple’s web rendering framework. The details of these vulnerabilities are mentioned below:

CVE-2024-44308

• Severity: High (CVSS score: 8.8)
• Description: A flaw in the JavaScriptCore component of WebKit. Malicious web content could cause code to be executed on the target system and make the system vulnerable to the full control of the attacker.
• Technical Finding: This vulnerability involves bad handling of memory in the course of executing JavaScript, allowing the use of injected payloads remotely by the attackers.

CVE-2024-44309

• Severity: Moderate (CVSS score: 6.1)
• Description: A cookie management flaw in WebKit which might result in cross site scripting (XSS). This vulnerability enables the attackers to embed unauthorized scripts into genuine websites and endanger the privacy of users as well as their identities.
• Technical Finding: This issue arises because of wrong handling of cookies at the state level while processing the maliciously crafted web content and provides an unauthorized route to session data.

Affected Systems

These vulnerabilities impact a wide range of Apple devices and software versions:

• iOS 18.1.1 and iPadOS 18.1.1: For devices including iPhone XS and later, iPad Pro (13-inch), and iPad mini 5th generation onwards.
• iOS 17.7.2 and iPadOS 17.7.2: Supports earlier models such as iPad Pro (10.5-inch) and iPad Air 3rd generation.
• macOS Sequoia 15.1.1: Specifically targets systems running macOS Sequoia.
• visionOS 2.1.1: Exclusively for Apple Vision Pro.
• Safari 18.1.1: For Macs running macOS Ventura and Sonoma.

Apple's Mitigation Approach

Apple has implemented the following fixes:

• CVE-2024-44308: Enhanced input validation and robust memory checks to prevent arbitrary code execution.
• CVE-2024-44309: Improved state management to eliminate cookie mismanagement vulnerabilities.

These measures ensure stronger protection against exploitation and bolster the underlying security architecture of affected components.

Broader Implications

The exploitation of these zero-days highlights the evolving nature of threat landscapes:

• Increasing Sophistication: Attackers are refining techniques to target niche vulnerabilities, bypassing traditional defenses.
• Spyware Concerns: These flaws align with the modus operandi of spyware tools, potentially impacting privacy and national security.
• Call for Timely Updates: Users delaying updates inadvertently increase their risk exposure

Technical Recommendations for Users

To mitigate potential risks:

1. Update Devices Promptly: Install the latest patches for iOS, macOS, visionOS, and Safari.
2. Enable Automatic Updates: Ensures timely application of future patches.
3. Restrict WebKit Access: Avoid visiting untrusted websites until updates are installed.
4. Monitor System Behavior: Look for anomalies that could indicate exploitation.

‍

‍

Conclusion

The exploitation of CVE-2024-44308 and CVE-2024-44309 targeting Apple devices highlight the importance of timely software updates to protect users from potential exploitation. The swift action of Apple by providing immediate improved checks, state management and security patches. Users are therefore encouraged to install updates as soon as possible to guard against these zero day flaws.

References:

• https://support.apple.com/en-us/121752
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44308
• https://securityonline.info/cve-2024-44308-and-cve-2024-44309-apple-addresses-zero-day-vulnerabilities/ 

‍

Introduction 

In the ever-evolving world of technological innovation, a new chapter is being inscribed by the bold visionaries at Figure AI, a startup that is not merely capitalising on artificial intelligence rage but seeking to crest its very pinnacle. With the recent influx of a staggering $675 million in funding, this Sunnyvale, California-based enterprise has captured the imagination of industry giants and venture capitalists alike, all betting on a future where humanoid robots transcend the realm of science fiction to become an integral part of our daily lives.

The narrative of Figure AI's ascent is punctuated by the names of tech luminaries and corporate giants. Jeff Bezos, through his firm Explore Investments LLC, has infused a hefty $100 million into the venture. Microsoft, not to be outdone, has contributed a cool $95 million. Nvidia and an Amazon-affiliated fund have each bestowed $50 million upon Figure AI's ambitious endeavours. This surge of capital is a testament to the potential seen in the company's mission to develop general-purpose humanoid robots that promise to revolutionise industries and redefine human labour.

The Catalyst for Change 

This investment craze can be traced back to the emergence of OpenAI's ChatGPT, a chatbot that caught the public eye in November 2022. Its success has not only ushered in a new era for AI but has also sparked a race among investors eager to stake their claim in startups determined to outshine their more established counterparts. OpenAI itself, once mulling over the acquisition of Figure AI, has now joined the ranks of its benefactors with a $5 million investment.

The roster of backers reads like a who's who of the tech and venture capital world. Intel's venture capital arm, LG Innotek, Samsung's investment group, Parkway Venture Capital, Align Ventures, ARK Venture Fund, Aliya Capital Partners, and Tamarack—all have invested their lot with Figure AI, signalling a broad consensus on the startup's potential to disrupt and innovate.

Yet, when probed for insights, these major players—Amazon, Nvidia, Microsoft, and Intel—have maintained a Sphinx-like silence, while Figure AI and other entities mentioned in the report have refrained from immediate responses to inquiries. This veil of secrecy only adds to the intrigue surrounding the company's prospects and the transformative impact its technology may have on society.

Need For AI Robots 

Figure AI's robots are not mere assemblages of metal and circuitry; they are envisioned as versatile beings capable of navigating a multitude of environments and executing a diverse array of tasks. From working at aisles of warehouses to the bustling corridors of retail spaces, these humanoid automatons are being designed to fill the void of millions of jobs projected to remain vacant due to a shrinking human labour force.

The company's long-term mission statement is as audacious as it is altruistic: 'to develop general-purpose humanoids that make a positive impact on humanity and create a better life for future generations.' This noble pursuit is not just about engineering efficiency; it is about reshaping the very fabric of work, liberating humans from hazardous and menial tasks, and propelling us towards a future where our lives are enriched with purpose and fulfilment.

Conclusion 

As we stand on the cusp of a new digital world, the strides of Figure AI serve as a beacon, illuminating the path towards machine and human symbiosis. The investment frenzy that has enveloped the company is a clarion call to all dreamers, pragmatists and innovators alike that the age of humanoid helpers is upon us, and the possibilities are as endless as our collective imagination.

Figure AI is forging a future where robots walk among us, not as novelties or overlords but as partners in forging a world where technology and humanity work together to unlock untold potential. The story of Figure AI is not just one of investment and innovation; it is a narrative of hope, a testament to the indomitable spirit of human ingenuity, and a preview of the wondrous epoch that lies just beyond the horizon.

References 

• https://cybernews.com/tech/openai-bezos-nvidia-fund-robot-startup-figure-ai/
• https://www.thedailystar.net/business/news/bezos-nvidia-join-openai-funding-humanoid-robot-startup-3551476
• https://www.bloomberg.com/news/articles/2024-02-23/bezos-nvidia-join-openai-microsoft-in-funding-humanoid-robot-startup-figure-ai
• https://economictimes.indiatimes.com/tech/technology/bezos-nvidia-join-openai-in-funding-humanoid-robot-startup-report/articleshow/107967102.cms?from=mdr

‍

Introduction

Cyberspace is the new and the fifth dimension of warfare as recognised by the UN. In recent times we have seen a significant rise in cyber attacks on nations’ strategic interests and critical infrastructure. The scope of cyberwarfare is increasing rapidly in contemporary times. Nations across the globe are struggling with this issue. The Ministry of Defence of the Government of India has been fundamental to take preventive measures towards all attacks on the Republic of India. The ministry is the junction for all three forces: Airforce, Navy and Army and creates coordination between the forces and deploys the force at strategic locations in terms of enemy threats.

The new OS

Governments across the world have developed various cyber security measures and mechanisms to keep data and information safe and secure. Similarly, the Indian Government has been very critical in deploying cybersecurity strategies, policies, measures, and bills to safeguard the Indian cyber-ecosystem.  The Ministry of Defence has recently made a transition in terms of the Operating System used in the daily functions of the ministry. Earlier, the ministry was using an OS from Microsoft, which has now been replaced with the indigenous OS named “Maya” based on open-source Ubuntu. This is the first time the ministry will be deploying indigenous operating software. This step comes at a time of global rise in cyber attacks, and the aspect of indigenous OS will prevent malware and spyware attacks.‍

What is Maya?

Users will not notice many differences while switching to Maya because it has a similar interface and functionality to Windows. The first instruction is to install Maya on all South Block PCs with Internet access before August 15.  In these systems, a Chakravyuh “endpoint detection and protection system” is also being installed. Maya isn’t yet installed on any computers connected to the networks of the three Services; instead, it is solely used in Defence Ministry systems. It had also been reviewed by the three Services and would shortly be adopted on service networks. The Army and Air Force were currently reviewing it after the Navy had already given its approval.

OS Maya was created by government development organisations in less than six months. An official from the ministry has informed that Maya would stop malware attacks and other cyberattacks, which have sharply increased. The nation has recently experienced a number of malware and extortion attacks, some of which targeted vital infrastructure. The Defence Ministry has made repeated attempts in the past to switch from Windows to an Indian operating system.

How will the new OS help?

The OS Maya is a critically developed OS and is expected to cater to the needs of all cybersecurity and safety issues of contemporary threats and vulnerabilities.

The following aspects need to be kept in mind in regard to safety and security issues:

• Better and improved security and safety
• Reduced chances of cyberattacks
• Promotion of Inidegenous talent and innovation
• Global standard OS
• Preventing and precautionary measures
• Safety by Design for overall resilience
• Improved Inter forces coordination
• Upskilling and capacity building for Serving personnel

Conclusion

Finally, the emergence of cyberspace as the fifth dimension of warfare has compelled countries all over the world to adopt a proactive stance, and India’s Ministry of Defence has made a significant move in this area. The significance of strengthened cybersecurity measures has been highlighted by the rising frequency and level of complexity of cyberattacks against key assets and vital infrastructure. The Ministry’s choice to use the local Maya operating system is a key step in protecting the country’s cyber-ecosystem. Maya’s debut represents a fundamental shift in the cybersecurity approach as well as a technology transition. This change not only improves the security and protection of confidential data but also demonstrates India’s dedication to supporting innovation and developing homegrown talent. Government development organisations have shown their commitment to solving the changing difficulties of the digital age by producing cutting-edge operating systems like Maya in a relatively short amount of time.