Hello, welcome to the Tuesday, March 28th, 2017 edition of the Sandtonet Storm Center's Stormcast.

My name is Johannes Ulrich, and the time recording from Jacksonville, Florida.

Well, Apple updated everything. Again, everything in this case also included the Apple Iverg office applications.

Haven't really seen any specific patches being released for Iverg in the past from Apple.

In this case it fixes a problem with the document password encryption.

Up to now it used RC4 which of course is not the greatest encryption

algorithm to put it lightly. They now changed that to ES 128. For Safari, Apple fixed

38 different vulnerabilities didn't see anything really special or out of the ordinary here. Of course,

there are several code execution vulnerabilities in here. That's one reason why you definitely

do want to patch this. Now, there are a number of other typical web browser vulnerabilities

that are being addressed, like same origin validations, there are some cross-site scripting issues

in WebKit that are being patched, and then of course some denial of service conditions.

Mac OS Sierra and OS 10L Capitan also received updates.

Now, there are a couple of ones that sort of stick out.

First of all, updates to open source software that Apple is using, for example, Libre

Essel, the Azale library that Apple is using for Apache received an update,

PHP received an update.

An interesting update for Thunderbolt.

I thought something like this was already fixed in the last update.

Essentially, as the system boots the file vault password may leak via Thunderbolt.

This is an issue where Thunderbolt really physically has access to the system's bus. Now there are some software protections

that are put in place to prevent someone from just blocking in a device into Thunderbolt

...