Hello and welcome to the Thursday, July 13, 2023 edition of the Sandton and Storm Center's Stormcast.

My name is Johannes Ulrich and I'm recording from Washington, D.C.

Don't really have a good link for it yet because it really just hit the internet, so to speak. Apple re-released its rapid security

response update for iOS as well as for macOS. Interestingly, it's now C as in Charlie the letter

that's being added to the operating system version.

The old one was A as Alpha.

So, for example, for iOS, once you're patched, you'll see that you're running 16.5.1,

and then Charlie C in parentheses.

This letter being added to the user agent apparently was one of the problems with the

original update that caused issues with some websites.

Haven't had a chance yet.

Literally just installed it on my iPhone.

I haven't installed it yet on the Mac I'm using here to record to figure out what the user agent exactly looks like with this latest update.

As the prior update, it's pretty small, was I think 4 megabytes on my iPhone and does require a quick reboot, just a regular reboot, not one of those

reboots where it reboots multiple times in order to swap out operating system images.

And Brad published another of his malware analysis diaries, this time looking at a current version of Formbook.

Particular Brad is looking closer at the loader, actually, that then installs

formbook on the infected system.

This particular variant didn't appear to be fully functional, at least some of the files

only were downloaded, sort of manually.

Later, the initial loader didn't quite seem to do the trick here.

The initial infection started out with the usual sort of email lore.

...