SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, May 8th 2020

SANS ISC Handlers

Tech News, News, Technology

🗓️ 8 May 2020

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. NMAP NSE Scripts; iOS Psychic Paper; #WorldPasswordDay; #Cisco Kerberos Bypass

Transcript

0:00.0

Hello, welcome to the Friday, May 8th, 2020 edition of the SANS Internet Storm Center's Stormcast.

0:07.5

My name is Johannes Ullrich.

0:09.2

I'm recording, well, from Jacksonville, Florida, of course.

0:13.4

I always tell people if there's a tool that you're using a lot for many, many years,

0:18.4

it doesn't hurt to look at the man page once ever so often or

0:22.9

whatever documentation is available. Case in point, we got a diary today from Bojan about all

0:30.8

these NSE scripts that are coming with Nmap. When I grew up, well, Nmap was a port scanning tool, but it has really become

0:40.0

more and more sort of a full-fledged vulnerability scanner, and Bojan is going over some of the more

0:46.3

useful NSE scripts that are included in Nmap. In the past, he had sometimes Manuel write about

0:53.9

some of these scripts, but

0:55.9

certainly worthwhile to revisit Nmap and check out what scripts are available, and of course,

1:03.3

the number is steadily growing. And Apple apparently fixed a three-year-old sandbox escape vulnerability in the latest beta of iOS,

1:15.6

which will eventually be released as iOS 13.5.

1:21.6

A couple details were released today by Siguza, who originally discovered this vulnerability about three years ago.

1:30.3

And it's a pretty kind of interesting in the way how simple this sandbox escape is vulnerability.

1:38.1

The core of the problem is that Apple uses four different XML parsers as part of iOS, and configuration files for apps

1:48.6

are stored in property lists or plist files, which are formatted in XML.

1:55.9

Now, these property lists include all kinds of entitlements that a particular application possesses, and due to the bug in the XML parser, comments aren't parsed correctly, or at least differently, by two different XML parsers.

2:13.3

So an attacker would create an XML file, sign it properly, but the important entitlement,

2:20.9

in this case it would be com.apple.private.security.no-container that allows the software to escape

2:27.3

from the sandbox would only be visible in one of these parsers and ignored in the other parsers. So all currently released

2:37.6

versions of iOS are vulnerable. This will hopefully be fixed soon with the release of iOS

...
