Hello and welcome to the Tuesday, October 29th, 2024 edition of the Sands and its Storms on a stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida. Apple today released its usual updates for pretty much everything. Their updates for MacOS, iOS, VisionOS, WatchOS,

as well as TVOS. Some of these updates are available for older versions of the operating

systems with MacOS. It goes back, two versions back to MacOS Ventura 13 and 14 are being covered in addition to the current

version 15 iOS is going back one version to iOS 17 this update of course is also a big

feature update for iOS 18 and macOS 15 it adds the new AI feature set that was sort of highlighted for these

recent versions of the operating system. There is no security patch only release for iOS 18 and

macOS 15. However, the updates for the older operating system versions, they are

just security updates and they will not get you any of the newer features. I counted a total of

67 vulnerabilities being patched here across the different operating systems. None of them

is currently being exploited.

I didn't really see any sort of patch now style vulnerability.

A lot of the vulnerabilities are actually a lock screen vulnerabilities.

I think there was about half a dozen or so of them, which I thought was a little bit

interesting.

And what this often comes down to is that if you're enabling certain features to be available

on the lock screen, they are not properly access control.

It's usually best practice to limit what you are exposing on the lock screen.

And then, of course, keeping your devices under your physical control is always preferred.

Also a number of vulnerabilities that essentially come down to one application being able to

see another application's data. iOS in particular is supposed to sandbox all of these

applications. That has often failed in the past and still fails occasionally.

Here, my recommendation is, well, be careful what applications you're installing.

...