Hello and welcome to the Tuesday, May 14, 2020,

edition of the Santernet Storm Center's Stormcast.

My name is Johannes Ulrich,

and I'm recording from San Diego, California.

Apple today released its usual updates for everything,

including iOS, iPad OS, Mac OS, watchOS, and TVOS.

In particular, for MacOS and iOS, it goes back a couple versions.

29 vulnerabilities are being addressed across the different operating systems.

One that's sort of interesting is one that has already been exploited.

CVE 2024-23296, this is a vulnerability in RT kit.

Now, back in March, Apple did release updates for this vulnerability

for more recent versions of iOS and Mac OS.

This particular update now does patch this vulnerability for older versions like iOS 16 and MacOS 12 Monoray.

If there's anything odd and interesting, then maybe the fact that there is only a single

web kit vulnerability being addressed in this update. Other than that, lots of privilege

escalation flaws. There is a slight lock screen bypass. That's, of course, always sort of interesting. Nothing I would think that suggests

specifically expediting this update other than the update for the older versions of iOS and

macOS. And then we got an interesting update from Juniper for JunoS and JunoS Evolved.

This update addresses multiple vulnerabilities in OpenSH.

Now this is a little bit a tricky update to read here, but if I do read it correctly, the problem here is JunoS uses a heavily

customized version of OpenSH version 2.5 patch level 1. That particular version in its default

open source version had a number of vulnerabilities. And of course, if you're running a

...