The Digital Security Digest, by Freedom of the Press Foundation (FPF), is a weekly newsletter with security tips that keep you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.
A newly discovered spyware exploit is dangerously easy for attackers to use
Security researchers at Google, Lookout, and iVerify recently identified a series of exploits targeting some versions of iOS 18. The spyware, dubbed DarkSword, is designed to quickly send attackers photos, passwords, and messages from targeted text messaging apps. If that weren’t enough, someone published a new version of the toolkit on GitHub, where it is freely accessible to anyone. The exploit uses simple HTML and JavaScript files — the fundamental building blocks of ordinary websites. Read more.
What you can do
- Download the dang updates. I want you to imagine a scene: A team of engineers at Apple is frantically analyzing exploits and running around with their hair on fire, writing security patches to send to your device as quickly as possible. Things like this happen pretty much every day, and if you just make a habit of downloading your security updates — like brushing your teeth — you don’t have to think about it at all. It’s really the best thing you can do to keep your devices and data safe with minimal effort. Read more about the story behind your software updates.
- Shut down even more malware with Lockdown Mode. According to Apple, Lockdown Mode would also disrupt this particular set of attacks. Lockdown Mode disables many complex web and messaging technologies that would otherwise give remote attackers a more substantial foothold for launching exploits. It has the added benefit of making exploits harder to deploy for someone who has physical access to your locked device. This may affect how you use your phone slightly, so try out Lockdown Mode and see if you like it. Android users should try out a similar feature called Advanced Protection.
Updates from our team
- A reminder for J-school educators: Do you want to learn more about teaching digital security? We’re putting together a project intended to help journalism school instructors integrate digital security education into their curricula. Please help us understand your interest and availability. Fill out this quick intake survey.
- Join us on Thursday, March 26, at 1:30 p.m. EDT/10:30 a.m. PDT, for a live webinar event, “Surveillance and the press: Why Section 702 matters now.” Our executive director, Trevor Timm, will join an expert panel examining how Section 702 of the Foreign Intelligence Surveillance Act is being used for spying while harming press freedom and the ability to communicate privately with sources. Register here.
Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.
Best,
Martin
–
Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation
