ISC StormCast for Friday, December 1st, 2023
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 1 December 2023
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Friday, December 1st, 2023 edition of the Sandcent Storm Center's |
| 0:07.3 | Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida. |
| 0:14.0 | Apple today released updates for iOS, iPadOS, and MacOS. These updates fix two already exploited vulnerabilities. Both of these |
| 0:25.0 | vulnerabilities affect WebKit. The first one we rated moderate is sensitive information |
| 0:31.9 | disclosure vulnerability. Apple only provides these one sentence summary, so not really clear what's being disclosed here. |
| 0:39.6 | Sometimes it could be sort of information that helps in additional exploitation, or it could be disclosure of browser history or things like that. |
| 0:48.2 | The second vulnerability, that's the one we rated critical, again, also in a web kit, and it can lead to arbitrary code exploit execution |
| 0:57.1 | if you are visiting a malicious web page. Apple provided these updates only for the latest |
| 1:05.0 | versions of iOS, that's 17, and for macOS, that's 14, or Sonomaoma but note that the notes also state that they have seen |
| 1:15.5 | this being exploited in the wild against ios before 16.7.1 the current version of ios released |
| 1:26.9 | late in october is 16.7.2. |
| 1:33.9 | So that version hasn't been exploited yet, but it could be that it's also vulnerable. |
| 1:40.0 | We don't really know. |
| 1:41.3 | Like I said, the patch only applies to iOS 17 at this point. In the past, |
| 1:45.8 | we often have seen Apple later within a couple days or a week or so release updates for older |
| 1:53.5 | versions of the operating system. For macOS, this typically also involves an update for Safari |
| 2:00.0 | as these are a WebKit vulnerabilities. |
| 2:04.1 | So if you're running this older version of iOS macOS, watch out for additional updates, |
| 2:08.4 | but it's of course always possible that they are no longer affected. |
| 2:14.6 | And while other companies may blame interns for leaving weak passwords and GitHub repositories and cause breaches, our interns are out there fighting a good fight, and John, our handler today, found an interesting sort of gem in a recent diary from one of our undergraduates, Jonah Latimer, who did write about some of the |
| 2:36.7 | latest developments of Mirai. And, well, John now followed up on that and how the particular |
| 2:44.8 | vulnerability being discussed there was actually, well, really used more and more following that particular new variant of |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.