Hello, welcome to the Thursday, December 6th, 2018 edition of the Sansonet Stormsendos Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

And we got familiar news from Adobe today.

Adobe released an update for Flash.

That's the second out-of-order sort of update that they are

releasing in a row. The last one was two weeks ago. This update fixes two vulnerabilities,

one of which is already exploited in the wild in targeted attacks. So nothing really to be

too excited or concerned about. There is no

widely available exploit available for this vulnerability. It's used in some limited targeted

attacks. So you probably have a couple weeks to either patch or finally uninstall flash.

But as usual, if you do run Chrome, if you do run

Microsoft Edge and in Explorer 11, then of course flash is included in the browser and you

have to update the browser in order to protect yourself. If you have one of these

browsers at the very least set them up so they will ask for permission

to run any flash content and not just run it automatically.

And Apple today released updates for its entire product portfolio.

The one missing item here was actually watchOS.

No update for a watch OS today, but everything else was updated, including iCloud for Windows.

As usual, a lot of overlap here between these different updates for different operating systems,

WebKit vulnerabilities, they're typically

exploited via the browser on these various platforms, also a number of approach escalation

vulnerabilities. I did see a patch for one Specter variant pop-up for macOS and os 10.

...