meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, July 25th, 2023

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

News, Tech News

4.9754 Ratings

🗓️ 25 July 2023

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; jq parsing; TETRA Radio Backdoor;

Transcript

Click on a timestamp to play from that location

0:00.0

Hello and welcome to the Tuesday, July 25, 2020, 3 edition of the Sansonet Storm Center's Stormcast.

0:07.9

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

0:13.3

Apple today released updates for iOS, iPad OS, Mac OS, TVOS, as well as watchOS.

0:22.3

Lots of new vulnerabilities being addressed here.

0:25.6

Interestingly, there are new already exploited vulnerabilities that are also being included in this update.

0:32.6

Now, a little bit difficult here to figure out what's exactly new and old, because these updates also do include what was published and fixed earlier with the Rapid Security Response Update about a week ago.

0:47.1

In addition to updates to the operating systems, we also do have an update to Safari, which is specifically created for the older versions of

0:57.2

Mac OS. For Mac OS, the updates are going back to MacOS 11, which is Bigser. For iOS and

1:06.5

iPadOS, we do have updates for 15 and 16. With 16, we are now at version 16.6. So no more third digit because this is also of a major feature update, not just sort of a security update and definitely not one of the rapid security response updates, which of course

1:28.5

only add letters at the end of the operating system version. As usually, there's lots of

1:35.1

overlap here between the different operating systems. Just a couple of highlights here.

1:39.7

Apple's neural engine apparently had a wall on a billy that does allow arbitrary code execution with kernel privileges.

1:47.7

That also affects the other operating systems because pretty much all of the current Apple CPUs do have a neural engine.

1:55.2

So I assume that this is code related to this neural engine.

2:00.8

Find my interesting here, not a huge problem, but apparently some kind of logic issue

2:06.4

that will allow an app to read sensitive location information that's being addressed

2:13.1

here.

2:13.7

Lots of privilege escalation issues in the kernel.

2:18.0

And then, like I said, we do have a second critical or I should say already exploited

2:25.2

vulnerability in Mac OS.

2:28.8

This vulnerability is a kernel vulnerability.

2:32.2

It is being patched in Mac OS, but it's present in all the other operating systems as well.

...

Please login to see the full transcript.

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2026.