Hello, welcome to the Tuesday, January 24th, 2017 edition of the Sandsenet Storms,

and his Stormcast. My name is Johannes Ulrich Entertainment recording from Jacksonville, Florida.

I think it was last week when I talked about some of these atomic fragment issues with IPV6.

Well, over the weekend, I had a little bit time to look at some of this,

and I posted some scy scripts and fragments in order,

well, to create IPV6 fragments and play a little bit with this.

So if you want to experiment, if you want to explore what's going on with IPV6 fragmentation on your system, feel free to use any of these scapey snippets.

And Apple today had one of its patch everything days, starting with watch OS, which is now 313 TVOS, that's 1011, iOS, that's 1021,

MacOS, Sierra, and then for older versions of OS10, we also have a new version of Safari, and

yes, Windows users, you also got an an update and that's for iCloud.

There isn't anything I think that sort of really sticks out here with this particular set of patches.

Lots of web kit vulnerabilities as usual that affect multiple operating systems here ios safari of course and with that

sierra and of course exploits against the watch always sort of garner some interest in this case

there are a couple of code execution flaws that could be triggered by playing audio files, for example, on the watch.

Certainly worthwhile to update this quickly, and as usual with Apple, you don't really get to

pick which patches you would like to install. So and so far, there isn't really any strict

priority here. But if you're looking for a vulnerability, you should probably fix before you finish

listening to this podcast.

It is a remote code execution backdoor in the WebEx plugin for Google Chrome.

This plugin comes from Cisco, the company behind WebEx, and the vulnerability

was made public by Google's Seroday project. Essentially, what's happening here is that as you

set up, a WebEx meeting, the web server may send along a URL and WebEx will start any code that it finds

...