Hello and welcome to the Thursday, November 21st,

2024 edition of the Sands and at Storms, Stormcast.

My name is Johannes Ulrich, and I'm recording from Singapore.

Today we got two Apple vulnerabilities to start out with.

These vulnerabilities were patched yesterday and they address

two vulnerabilities that are already being exploited in the wild. The first of the vulnerability

affects JavaScript core and could of course be triggered by visiting a malicious webpage,

which then leads to arbitrary code execution.

The second vulnerability similarly affects WebKit. Also, of course, exploitable by visiting

a malicious website. It's a little bit different, a little bit interesting vulnerability here.

It says it's a vulnerability in the cookie management system that could lead to cross-site

scripting.

So sounds like if an attacker is able to create a particular cookie for your browser that

could potentially modify content on the web page.

Not only sure how this will work, we don't have a lot of details or any

details really about these vulnerabilities other than Google reported them as already being

exploited. There are updates available for Safari as well as for Apple's operating systems,

which of course then patch the WebKit part as well.

The Safari patch is usually just meant for older operating systems.

And of course, this flaw being already exploited means that you probably should apply this

update soon.

And talking about vulnerabilities that are already being exploited,

...