ISC StormCast for Monday, June 4th 2018
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 4 June 2018
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Monday, June 4th, 2018 edition of the Sands and its Storm Center's Stormcast. My name is Johannes Ulrich and I'm recording from Augusta, Georgia. So as predicted on Friday, we got also updates from Apple 4 OS10 and Mac OS. In addition, we got the usual patch for Safari. |
| 0:24.2 | Also, patches for ICloud for Windows. |
| 0:28.5 | And with having released the full set of security updates, Apple also released details about |
| 0:34.5 | the security content of all these updates, including the updates released on |
| 0:39.3 | Thursday for iOS, watchOS, and TVOS. |
| 0:44.5 | As usual for Apple updates, and that again is why they usually hold back some of the details |
| 0:50.5 | until they released updates for all the operating systems. |
| 0:54.1 | There is a lot of overlap |
| 0:55.5 | between these different updates. Particular web kit vulnerabilities, of course, show up in all the |
| 1:02.6 | different operating systems. For OS 10, the details about the web kit vulnerabilities are split |
| 1:09.6 | out into the Safari update, so you won't see them in the OS10 details. |
| 1:15.6 | Among the more interesting vulnerabilities, one issue was fixed that would allow an attacker to modify the EFI bias. |
| 1:25.6 | Now, the hacker would need already root on the system in order to affect this, but then again, this is sort of the holy grail of actually getting persistence on a system. |
| 1:38.2 | Secondly, the e-fail vulnerability was patched in mail, so have to see exactly how they patched it, in particular |
| 1:46.4 | for S-Mine, which is really the only thing that mail does support out of the box. PGP is not |
| 1:54.9 | supported by mail, so that's probably not addressed here. And a message bug was fixed that was already exploited in the wild. |
| 2:03.6 | This particular message bug led to the null of service vulnerability with iOS. So far I haven't really heard about any problems with this update, but in particular for OS10, this update apparently does take quite a while |
| 2:19.8 | to apply, and that sort of matches my own observation can take up to an hour to apply this |
| 2:27.6 | particular update. And of course, last week everybody reported how the VPN filter malware |
| 2:33.9 | is taking over routers and how the FBI is |
| 2:37.0 | advising users into rebooting these routers to get rid of the malware. Haven't seen any numbers on how |
| 2:44.4 | successful this particular effort was, but the assumption here was that with the command control server being offline, |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.