Hello, welcome to the Tuesday, June 15th,

2021 edition of the Sandler, Storm Center's Stormcast.

My name is Johannes Ulrich,

and then I'm recording from Jacksonville, Florida,

and again virtually teaching this week in Paris, France.

Apple today released iOS 12.5.4. The most recent version of iOS, of course, is iOS 14.6. However, some older devices going back to the iPhone 5 and iPhone 6 are not supporting newer iOS versions, and that's why Apple is still releasing security updates

for iOS 12. This particular update fixes three war-warrant abilities. One is a vulnerability

in how certificates are parsed, and it may lead to arbitrary code execution.

And then we have two WebKit vulnerabilities that also may lead to memory corruption or code execution.

And apparently these vulnerabilities are already actively being exploited.

So if you're still running one of these older devices, make sure you update.

And apparently nist.gov at the National Institute for Standard and Technologies domain suffered an outage earlier today. I was able to see this myself early this morning,

and there were a couple of reports on Twitter as well as on the outage's mailing list.

One of the effects was that the website, of course, that serves many security standards and

such, was not reachable. Also

affected was apparently the NIST time service because some of the host names of these NIST

time servers were not resolvable and some organizations are using them as their time standards. For less critical

NTP services, of course, you may want to just sync with pool.nTP.org or go or run your own

little NTP server that is synchronized, for example, via GPS.

It's not quite clear what the root cause of the outage was,

but apparently it was DNS-related, of course,

and it may have been caused by a denial-of-service attack,

...