Hello and welcome to the Thursday, October 26, 2023 edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Well, and a day late, at least according to mine and others' expectation, we today got updates from Apple for pretty much anything.

iOS, iPadOS, MacOS, TVOS, and watchOS.

For the big operating systems here, MacOS, iOS, iPadOS,

we actually got updates three versions back.

Across the different operating systems, I believe we got 53 vulnerabilities patched.

Probably the one that's sort of the most interesting is CVE 2020-23-3-4-34-4.

This is the already exploited vulnerability. We have received patches for the more recent operating systems. Well, today we now got a patch for iOS 15. That brings us up to iOS 15.8. And Apple states and stated that before, that it has seen exploitation of this

vulnerability for iOS prior to 15.7. And this is also the only iOS 15 patch that was in

today's update. The remainder of the vulnerabilities are sort of your usual mix,

bunch of WebKit vulnerabilities that are always interesting

that allow for code execution if you're visiting a malicious web page,

some approach escalation vulnerabilities to go with this,

and then also sort of a crop of privacy issues,

for example, where your Mac address may be sent when it's not supposed to be sent,

or where, for example, hidden photo albums and such may be viewed without off the occasion.

Certainly an update that you don't want to miss, I would suggest that at least sort of

by the coming weekend you probably should apply these updates across your different Apple devices.

And beginning of October at Lashin did release an update for CVE 2020-2515, patching a vulnerability

in their Confluence server and data center product. The problem here was an off-occation

bypass that pretty much allows anybody with a simple request to add new admin users to your system.

...