Hello, welcome to the Tuesday, April 4th, 2017 edition of the Sands and at Storm Center's Stormcast. My name is Johannes Ulrich and the day I'm recording from Jacksonville, Florida.

It's just a week since Apple released iOS 10.3. So it was a surprise that today Apple actually already released the next version of iOS.

iOS.10.3.1. This update fixes one single vulnerability. It does allow if exploited to execute a random

code on the Wi-Fi chip. So all it takes is for the attacker to be

in range of the victim and then launch this exploit and the attacker would be able to execute

arbitrary code. Certainly something you do want to update rather quickly. Then of course, Google releasing

Shaw One collisions a few weeks ago was a pretty big deal, but one question a lot of people

always asking is, how do you actually take advantage of these collisions? Well, we have a nice

guest diary today by Paul Bolton and he explains

how to do this using ISO images where you can create two ISO images, one evil, one benign. They

both end up with the same Shah one hash by taking advantage of these collision data blobs

that Google found.

The basic trick here is that once I can create a document with one of the data blobs that

Google found, I can just swap these data blobs and the overall

SHA-1 check-sum of that particular document does not change. So now I just need something

inside a document that will make this document act differently depending on which one of these

blobs I have included. So this basic technique can be applied to many other data formats that don't really

worry about having a blob of random data being placed somewhere and that are able to have

a condition based on which blob is included.

And if Microsoft Defender alerted you this weekend about the plumber warm, well, it's most likely

a false positive.

Apparently, Microsoft Defender did flag various files with the signature over the weekend.

...