ISC StormCast for Tuesday, March 26th, 2024
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 26 March 2024
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Tuesday, March 26, 2004 edition of the Santonet Storm Center's |
| 0:06.8 | Stormcast. My name is Johannes Ulrich, and then I'm recording from Jacksonville, Florida. |
| 0:13.6 | Always great to see the different tools that our handlers create to make life easier. |
| 0:18.7 | And of course, by sharing them, they're making life easier for all of us. |
| 0:23.7 | Jim just provided a couple updates for two tools that he's maintaining. |
| 0:28.8 | One is his low Indian hex-to-IP tool. |
| 0:33.8 | Python script that converts hexadecimal to IP addresses in various formats, does support IPB6. |
| 0:43.6 | We'll need tool, and of course often you find like in memory dumps or such these IP addresses in the hexadecimal format that they then want to convert to something more readable. |
| 0:54.9 | There's also 6.Pi that Jim updated. It just creates a number of hashes for particular files and now also |
| 1:03.9 | supports taking input directly from standard in. And Apple today released their expected updates for Mac OS. And part they were |
| 1:14.2 | expected because last week we did receive updates for iOS, iPadOS, and Vision OS. But we didn't |
| 1:22.9 | receive any security details because, well, they were held back to today when Apple released the |
| 1:30.2 | related Mac OS updates. And indeed, there are, first of all, there are only two vulnerabilities |
| 1:34.6 | that are being addressed here. At least Apple describes them as two vulnerabilities, but |
| 1:41.2 | they actually have the same CVE number. What's probably going on here is, well, |
| 1:47.1 | both of these are out-of-bound right vulnerabilities that occur when an image is being processed. |
| 1:55.9 | One of the vulnerabilities is in core media. The other one is in WebRTC. So it's probably the same mistake that was just made in two different places, which is why we get one CVE, but two vulnerabilities in Apple's updates. |
| 2:14.6 | These two vulnerabilities do apply across all the patched operating systems. |
| 2:19.5 | That includes a macOS Sonoma 14.4, which is now 14.41, MacOS Ventura 13, iOS, iOS, iPadOS 17, and |
| 2:30.8 | iOS iPadOS 16, and then of course Apple Vision OS 1.1.1. |
| 2:37.5 | These vulnerabilities were found by Google's Project Zero. |
| 2:41.5 | Nick Galloway is credited with these vulnerabilities. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.