One thousand four hundred and fifty-nine days have passed since data rights nonprofit NOYB fired off its first complaints under Europe’s flagship data regulation, GDPR. The complaints allege Google, WhatsApp, Facebook, and Instagram forced people into giving up their data without obtaining proper consent, says Romain Robert, a program director at the nonprofit. The complaints landed on May 25, 2018, the day GDPR came into force and bolstered the privacy rights of 740 million Europeans. Four years later, NOYB is still waiting for final decisions to be made. And it’s not the only one. Since the General Data Protection Regulation went into effect, data regulators tasked with enforcing the law have struggled to act quickly on complaints against Big Tech firms and the murky online advertising industry, with scores of cases still outstanding. While GDPR has immeasurably improved the privacy rights of millions inside and outside of Europe, it hasn’t stamped out the worst problems: Data brokers are still stockpiling your information and selling it, and the online advertising industry remains littered with potential abuses. Now, civil society groups have grown frustrated with GDPR’s limitations, while some countries’ regulators complain the system to handle international complaints is bloated and slows down enforcement. By comparison, the information economy moves at breakneck speed. “To say that GDPR is well enforced, I think it’s a mistake. It's not enforced as quickly as we thought,” Robert says. NOYB has just settled a legal case against the delays in its consent complaints. “There’s still what we call an enforcement gap and problems with cross-border enforcement and enforcement against the big players,” adds David Martin Ruiz, a senior legal officer at the European Consumer Organization, which filed a complaint about Google’s location tracking four years ago.
Lawmakers in Brussels first proposed reforming Europe’s data rules back in January 2012 and passed the final law in 2016, giving companies and organizations two years to fall in line. GDPR builds upon previous data regulations, super-charging your rights and altering how businesses must handle your personal data, information like your name or IP address. GDPR doesn’t ban the use of data in certain cases, such as police use of intrusive facial recognition; instead, seven principles sit at its heart and guide how your data can be handled, stored, and used. These principles apply equally to charities and governments, pharmaceutical companies, and Big Tech firms. Crucially, GDPR weaponized these principles and handed each European country’s data regulator the power to issue fines of up to 4 percent of a firm's global turnover and order companies to stop practices that violate GDPR's principles. (Ordering a company to stop processing people’s data is arguably more impactful than issuing fines.) It was never likely that GDPR fines and enforcement were going to flow quickly from regulators—in competition law, for instance, cases can take decades—but four years after GDPR started, the total number of major decisions against the world’s most powerful data companies remains agonizingly low. For more on GDPR visit OUR FORUM.

In March, the European Union (EU) took a significant step toward reining in Big Tech offenders with the Digital Markets Act. Targeting the gatekeepers of today’s digital economy, the law is a historic piece of legislation and is a critical next step in the broader fight to level the playing field. However, this watershed moment has failed to reach the US, which continues to fall short in protecting consumers and innovative small businesses from predatory tech companies. Congress must stop playing catch up with Europe and take a leadership role to protect its constituents.
Courage and cooperation across the aisle are needed to strengthen the laws that protect the majority. Big tech, their lobbyists, and those seeking to fund their next election are far too cozy as mega-companies continue to exploit their dominance and suppress innovation. The lack of US action is embarrassing, as our friends across the pond take decisive steps. The EU created the Digital Markets Act, or DMA, to limit the reach of internet powerhouses and restore balance to the economy. It is aimed at the most frequent offenders -- companies such as Amazon, Meta, and Google, which have repeatedly abused their large market share and used it to damage smaller, less powerful competitors. The landmark measure carries major consequences for these firms. Gatekeepers will now be required to interoperate with smaller firms, avoid setting their software as the default option, and no longer engage in self-preferencing. In short, the DMA is targeting weak points that prop up the largest and most powerful technology firms and crush innovation in the process. Once officially adopted by the EU, enforcement will be critical since we all know that Big Tech cannot be trusted. While European regulators remain at the helm of Big Tech reform, the US lags far behind. Politics have altered how we handle Big Tech, allowing mega-corporations to grow even bigger. Just recently, Amazon closed its $8.5 billion acquisition of MGM. The Federal Trade Commission had every opportunity to block the merger, but the deal was approved without much pushback. The FTC decision was deadlocked between two Democrat appointees and two Republican appointees, and politics came before ensuring fair competition. Take data privacy, for example. In 2018, the General Data Protection Regulation (GDPR) was enacted, a milestone in privacy protections that safeguards Europeans against the transfer of personal data. 
While the EU is focused on protecting consumers and competition, Big Tech lobbyists here at home are writing watered-down privacy bills for legislators -- that amounts to a disgusting practice that cedes legislators’ jobs to the powerful few. In Virginia, Amazon boosted political donations tenfold before persuading lawmakers to pass a toothless privacy bill that their own lobbyists drafted rather than the elected officials. It is not just the EU taking action as a collective body. In 2021, Italy’s antitrust watchdog fined Amazon over $1 billion for alleged abuse of market dominance -- one of the largest penalties levied on a US tech giant in Europe. Meanwhile, a Federal Trade Commission (FTC) investigation into Amazon Web Services (AWS) is only now moving forward again under Chair Lina Khan. A challenge to the MGM acquisition, among others, may come now that Khan has the majority on her side. More on the DMA can be found on OUR FORUM.

Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. Zero-days are security flaws that the software vendor is unaware of and hasn't yet patched. In some cases, this type of vulnerability may also have publicly available proof-of-concept exploits before a patch arrives or may be actively exploited in the wild. In security advisories issued on Monday, Apple revealed that they're aware of reports this security bug "may have been actively exploited." The flaw is an out-of-bounds write issue (CVE-2022-22675) in the AppleAVD (a kernel extension for audio and video decoding) that allows apps to execute arbitrary code with kernel privileges. The bug was reported by anonymous researchers and fixed by Apple in macOS Big Sur 11.6.6 and watchOS 8.6 with improved bounds checking. The list of impacted devices includes Apple Watch Series 3 or later and Macs running macOS Big Sur.
While Apple disclosed reports of active exploitation in the wild, it did not release any extra info regarding these attacks. By withholding information, the company is likely aiming to allow the security updates to reach as many Apple Watches and Macs as possible before attackers pick up on the zero-day's details and start deploying exploits in other attacks. Although this zero-day was most probably only used in targeted attacks, it's still strongly advised to install today's macOS and watchOS security updates as soon as possible to block attack attempts. In January, Apple patched two other zero-days exploited in the wild to let attackers gain arbitrary code execution with kernel privileges (CVE-2022-22587) and track web browsing activity and user identities in real-time (CVE-2022-22594). One month later, Apple released security updates to patch a new zero-day bug (CVE-2022-22620) exploited to hack iPhones, iPads, and Macs, which leads to OS crashes and remote code execution on compromised Apple devices. In March, Apple patched two more actively exploited zero-days in the Intel Graphics Driver (CVE-2022-22674) and the AppleAVD media decoder (CVE-2022-22675), the latter patched today in older versions of macOS. These five zero-days impact iPhones (iPhone 6s and up), Macs running macOS Monterey, and multiple iPad models. Throughout last year, the company also patched a long list of zero-days exploited in the wild to target iOS, iPadOS, and macOS devices. Follow this thread and more on OUR FORUM.


