Hello, welcome to the Tuesday, May 25th, 2021 edition of the Sansanet Stormers Stormcast.

My name is Johannes Ulrich, recording again from Jacksonville, Florida, but teaching virtually

in London, England this week.

Well, big news today from Apple. Apple again, released updates for pretty much anything.

And well, of course, the big focus here is new functionality.

With these updates come also important security patches.

So on the desktop, I guess you would call it, operating system side,

the got updates for macOS bix Pixar, Mojave, as well as Catalina.

So two versions back here.

Then we got updates for iPadOS, iOS, TVOS, and watchOS.

Of note is that there are three vulnerabilities being addressed here. Actually, even in TVOS. Of note is that there are three vulnerabilities being addressed here, actually even in

TVOS, that are currently already being exploited. And probably the most interesting one of

these vulnerabilities is CVE 2021-3713.

This impacts macOS Bixer,

and it is a bypass of the transparency, consent,

and controller TCC framework,

which is used to give permissions to software

to do sensitive things, like like for example, taking screenshots.

And with the release of the patch today, there's also a blog post by YAMF, the maker of enterprise

management software for Apple devices.

They have details about how a recent version of the XCS set malware took advantage of this vulnerability.

Now, XCS set has been around at least since August last year.

...