Hence if in doubt always check the certificate … on Safari click on the padlock… that will confirm the identity of the host and server, if you know what to look for, that is what it is there for…
But just checking to see if https without checking certificate is really of little benefit… as the certificate could be a valid fraudulent one supporting a man in the middle or spoofing attack.
However most safe businesses may make a promotion, but invite you to log into their service to realise it… perhaps with a code, but using your normal techniques… no hypertext links…
Increasingly for services of value, one should be using MFA anyway these days.
Good advice, but in the case of a remote execution bug like in the above link it’s already too late when you check the padlock, and the accompanying phishing mails can be sent by anyone. So not clicking is best
Could be… depends on the security level of your browser… unless there is a wide open vulnerability in which case there is probably not much you can do safely apart from not use that browser…
Sure… there are often vulnerabilities, hence the importance of keeping vulnerabilities patched…
Yes clicking on sites you don’t trust is a good start, but remember a trusted web site can have many other links which one could be compromised… so it in itself is no defence.
Ensure your software is patched as soon you can once a vulnerability is announced.
Of course. But you never know when such vulnerabilities exist, and the link has another link to an earlier 0-day from January that was actively exploited before there was a patch.
So for people who have to ask “can I click this link”, as general advice it is best if they don’t or are careful and learn how to read/check an URL (and the possible pitfalls like e.g. foreign characters that look similar but are different)
Sure, I didn’t say it isn’t. I was answering the question whether an iPad can be taken over remotely by clicking a malicious link. The answer is yes, and it is also yes if you have everything up to date.
Not sure I follow, Apple has addressed the latest vulnerabilities… including iOS and is patched I believe in 14.7.1
Can anything be compromised, yes if a vulnerability exists that can be exploited… this can also happen potentially to your car…… or your EV charger…. as well as your tablet or computer.
I don’t follow either. Apple has addressed the latest vulnerabilities, but there are guaranteed to be more, like on any complex platform. So if someone asks if the possibility exists that clicking links can lead to exploits on an iPad, the answer is yes.
exactly - it goes for just about any computer controlled device… you or may not be surprised what devices have contained vulnerabilities - and potentially still do - but remember keep it in proportion and its usually about impact and value of being attacked…
which bit - sorry it looked like you were disagreeing with me… couldn’t quite follow your angle, but I might have mis read you - so yes I think we are both saying just about anything can be compromised and controlled, - the key thing is to ascertain what can be gained by doing so … and that last bit puts in into perspective.
I was kind of disagreeing with some of what you wrote just because checking the padlock to check the certificate does not protect against an exploit payload being delivered as soon as the browser loads the page.
The discussion had been about clicking that suspicious marketing link. Alley_Cat had written, correctly, that even clicking a malicious link (and not entering anything on the resulting page) can already be bad because e.g. it can give feedback to spammers. I added that it can also load an exploit. FR had asked if that’s true on an iPad too. I answered yes and provided the link as a real example.
Of course you are right that installing updates, checking certificates, etc., is all important. But none of this protects against a security hole as the one described in the above link, that is exploitable by opening a link. So, computer users who are unsure whether clicking a link is safe, and cannot answer this question on their own, are better off if they get into the habit of not clicking on links they are not sure about, and particularly not in emails. That’s very common advice too, “never click a link in an email that says it is from your bank, always enter the address yourself in the browser”. Of course, as you wrote, some companies have stopped using links for this reason and actively educate their customers.
I don’t think there is anything controversial here
The space between “a” and “link” is odd (URLs can’t contain spaces), but that looks like a typo rather than anything malicious. Aside from that, regardless of what’s after the first single “/”, the URL looks like a legitimate tidal.com address.
As an aside, (and this is not a criticism) I think everyone who uses the internet should learn how to read URLs, in the same way that most people can look at a phone number and recognise country codes (even if they can’t identify the country), area codes, and so on. I got an odd looking email from my credit card company this morning, and I spent a couple of minutes showing my 10-year-old son how I knew it was a legitimate email, and not a phishing attempt.
Antivirus programs have their own issues and you may be better off without one (but on Windows there is a balance/tradeoff somewhere; if the user is very naive, an antivirus can help, but it would be better if the user was educated instead). Sometimes they create security holes that are not there without them, and in any case they do nothing against undisclosed holes. And iOS is indeed quite secure compared to more open systems - apps and OS are sandboxed, and you can’t install anything that isn’t in the app store (unless you jailbreak the iPad). But nothing is perfect and caution is still advisable with some things like malicious links.
Edit: And given how locked-down iOS is, it does not make it easy for antivirus either. On Windows, these programs embed themselves deeply in the OS files, this is not even possible on iOS unless Apple allows. (And Apple has no interest in making iOS appear insecure)
