Hello, welcome to the Tuesday, August 27, 2019 edition of the Sansandot Storm Center's Stormcast.

My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

Apple today released an update for iOS, MacOS Mojave, as well as for TV OS. And while this looks initially like the typical

Apple patches, everything sort of release, this is a little bit different. First of all, no update,

at least nothing from the security side for watchOS. The other sort of interesting part is

it's only one vulnerability that's being fixed

across these three operating systems. This vulnerability is notably an issue that was reintroduced

in 12.4, iOS 12.4. I mentioned this in this podcast in 12.3 Apple patched a vulnerability that led to a jail break in

iOS in 12.4. They reintroduced this vulnerability. And of course, the jail break community jumped on

this and released a jail break for iOS 12.4.

This vulnerability is now being patched again in iOS 1241.

Due to similarities in the different kernels, this also affects Mac OS and TVOS.

That's why we do have patches for these other

operating systems as well. But again, only one vulnerability is being patched and this is

CVE 2019-8605. You may think, hey, for MacOS,, jailbreaking isn't really an issue, but what this comes down

to is that this really approach escalation vulnerability.

And in order to do a jail break on iOS, you need to execute arbitrary code with system

privileges, and this is what this vulnerability allows across all these

operating systems and back in April Pulse Secure released a patch for the Pulse

Connect secure VPN server the patch affixed arbitrary file read vulnerability that can be used to read well arbitrary files

from the VPN server including keys and other secrets.

...