Hello, welcome to the Tuesday, December 13th, 2016 edition of the Sands and a Storm Center's Stormcast.

My name is Johannes Ulrich, and the day I'm recording from Washington, D.C.

Well, ahead of Microsoft's patched Tuesday, we got updates from Apple.

Apple fixed 12 vulnerabilities in iOS, one in TV OS, and two in watch OS. One vulnerability is

actually affecting all three operating systems and it does get triggered by installing a malicious

profile. Now profiles that you install in iOS or these other operating systems

are really certificates that can then be used in order to sign settings and the like. Well,

if you are importing a malicious certificate, code execution may happen and this is fixed in this

update.

Now for iOS, again, we have a total of 12 vulnerabilities.

Some of the more interesting ones are there are a number of lock screen issues that are being

fixed here either bypassing the lock screen or preventing the lock screen from actually

taking effect.

There's also an issue that I found sort of interesting in that you can no longer speak passwords

because apparently passwords that are being spoken, yes, they can be overheard by people

in your proximity.

I wouldn't call any of these vulnerabilities extra critical,

so apply the patch as it becomes available, but no need to rush it at this point unless we are

seeing some exploits being published. Apparently a recent update to Windows 8 and Windows 10 is causing these

systems to have a hard time getting a DHCP lease from very selective

routers. Not really clear what the issue is but appears to be affecting

certain ISPs that use these routers.

...