Apple rolls out iOS 15.3 and macOS 12.2 to fix a major Safari exploit

It's a big day for security updates in Apple-land. The company has rolled out software fixes for just about all of its platforms, including iOS 15.3 and macOS 12.2, 9to5Mac reports. Notably, they fix the Safari vulnerability that could potentially leak your browser history, as well as your Google account information. WatchOS 8.4 and tvOS 15.2, meanwhile, add some performance improvements. And even though the company isn't paying as much attention to its smart speakers these days, it launched HomePod 15.3, which adds Siri support for up to six users speaking English in India, or Italian in Italy. (That's a feature Apple started offering in the US back in 2019.)

While we normally wouldn't stress minor software updates much, iOS and macOS users should deal with that Safari vulnerability as soon as they can. Sure, there aren't any major threats taking advantage of that now, but who knows what malware could pop up in the next month or two. 

Boom will build a supersonic jet factory in North Carolina

Transporation startup Boom is one step closer to bringing back supersonic passenger flight. On Wednesday, the company announced plans to build a manufacturing facility at Piedmont Triad International Airport in North Carolina. Once complete, "The Overture Superfactory" will employ approximately 1,750 workers by 2030 and produce the company’s upcoming Overture supersonic jet, which Boom hopes will start flying passengers in 2029. Construction on the facility is expected to start later this year, with production to follow in 2024. The first jet will roll out in 2025 and then fly in 2026. 

The 400,000 square foot facility will eventually produce aircraft for carriers like Japan Airlines and United Airlines. In 2021, the latter announced it would purchase 15 Overture jets once the plane met its safety and operating requirements. The agreement includes an option for United to buy an additional 35 aircraft, for a total of 50 jets.

Boom claims Overture will revolutionize commercial aviation. It envisions the Mach 1.7 jet flying from San Francisco to Toyko in approximately six hours. On a modern jet plane, you can expect a flight like that to take about 11 hours. What’s more, Bloom claims Overture will be “net-zero carbon” aircraft thanks to its ability to fly on 100 percent sustainable aviation fuels.

The news is another major win for the state of North Carolina. At the end of December, Toyota announced it would build a $1.29 billion battery plant on the Greensboro-Randolph Megasite, a tract of land located in Randolph County. Once complete sometime in 2025, the facility will consist of four production lines capable of producing batteries for approximately 200,000 vehicles per year. 

White House tells agencies to adopt the 'Zero Trust' security model

The White House wants the government to adopt a security model called Zero Trust within the next two years. The Office of Management and Budget (OMB) released a finalized federal strategy that lays out the initial details of the shift.

It told agencies to each designate a strategy implementation lead within 30 days. Agencies were given 60 days to submit an implementation plan to the OMB and Cybersecurity and Infrastructure Security Agency (CISA). 

"This memorandum sets forth a federal Zero Trust architecture (ZTA) strategy, requiring agencies to meet specific cybersecurity standards and objectives by the end of fiscal year (FY) 2024 in order to reinforce the government’s defenses against increasingly sophisticated and persistent threat campaigns," OMB acting director Shalanda D. Young wrote in the memo. "Those campaigns target federal technology infrastructure, threatening public safety and privacy, damaging the American economy and weakening trust in government."

The Zero Trust approach is based on the notion that local devices and connections can't be completely trusted. Users need to be authorized, authenticated and continuously validated. Organizations usually have control over Zero Trust setups, and users and devices are often only granted access to essential data, apps and services.

Google offers a Zero Trust solution called BeyondCorp. Last week, a company called Sikur revealed a smartphone it designed using Zero Trust principles.

The release of the strategy follows an executive order President Joe Biden signed last year with the aim of improving the country's cybersecurity, as well as a draft strategy that the OMB published in September.

The finalized strategy lays out a vision for the government in which staff have "enterprise-managed accounts, allowing them to access everything they need to do their job while remaining reliably protected from even targeted, sophisticated phishing attacks." The devices would be continuously monitored and each agency's system would be isolated, with reliable encryption for internal network traffic and sending data to other agencies.

Under this approach, enterprise applications would be tested internally and externally before staff could access them over the cloud. The OMB also said federal security teams and data teams would work together "to develop data categories and security rules to automatically detect and ultimately block unauthorized access to sensitive information."

The strategy directs agencies to harness strong, phishing-resistant multi-factor authentication, perhaps using physical methods like Personal Identity Verification cards. The OMB also told agencies to have a full inventory of devices that are authorized and used for official business and to make sure they meet CISA standards.

The White House cited the Log4j vulnerability that recently emerged as the latest proof that "adversaries will continue to find new opportunities to get their foot in the door."

"This strategy is a major step in our efforts to build a defensible and coherent approach to our federal cyber defenses,” national cyber director Christopher Inglis said in a statement. “We are not waiting to respond to the next cyber breach. Rather, this administration is continuing to reduce the risk to our nation by taking proactive steps towards a more resilient society."