Hello, welcome to the Tuesday, July 20th, 2021 edition of the Sansonet Storm Center's Stormcast. My name's Johannes Ulrich. And today I'm recording from Jacksonville, Florida.

Brent Nightmare is the vulnerability. It keeps on giving. We have now yet another CVE that's being tracked for Print Nightmare, and that's CVE

2021, 34, 481. I briefly, I think, mentioned it on Monday. This is the local privilege escalation,

so it does allow a local user to obtain system level privileges.

It's not exploitable remotely like the prior vulnerability, which of course still makes it a

problem but the lesser problem than the other print nightmares.

Not a lot of details here other than the CVE number and the scope of the vulnerability to mitigate the vulnerability.

For now, your only choice is to disable the print spooler service.

And Apple today released updates for iOS, watchOS, TVOS, as well as for Safari, but the Safari update was only released for

MacOS, Catalina and Mojave.

So far, Apple has embargoed any vulnerability details, but, well, it can be assumed that

there are multiple vulnerabilities that are being addressed by these updates.

In particular, the iOS update is something you probably do want to apply.

Now, Safari is kind of interesting.

Typically, Apple is releasing Safari for these older operating system,

and then an update for the latest operating system, which would be

macOS bixir at this point. However, this hasn't happened yet. Apple today released a second

release candidate for the next version of macOS bixir. Also a little bit unusual to have two

release candidates. Likely something sort of, you know,

came up in the last sort of sanity checks before they got ready to release this. I would expect

an update for macOS to be delivered maybe on Tuesday today or later this week. At that point, we probably will also

get more details about these vulnerabilities. Apple usually holds them back if there is a lot of

...