Hello, welcome to the Tuesday, September 18th, 2018 edition of the Sansonet Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

One sadly still a common exploit scenario are documents with links to SMB shares.

The goal here isn't often to actually get the user to download and launch the file,

but instead to transmit credentials to the SMB server.

So to help you identify office documents that take advantage of this problem, Rob is going over some tricks how to identify these links in office documents without having to fully reverse

these documents and figure out what else is happening with them.

And then somewhat pre-announced we got from Apple a new version of iOS, TVOS, and

watchOS.

Now, as usual, I'm not too concerned about all the fancy new feature in these operating

systems, but instead about the security content.

And there are a couple of interesting things that are being fixed

here. First of all, the Safari URL spoofing vulnerability that already has been made public

after Microsoft patched it in Edge. Well, that's now patched in iOS. And since we didn't yet get the new version of macOS today, Apple also released a new

version of Safari for all current versions of OS10 and MacOS.

This version of Safari again also patches this URL spoofing vulnerability.

Another known safari issue being addressed is a problem

with autofill. Now, auto fill is meant to only auto fill data on particular sites, but due to this

vulnerability, it was possible for an attacker to trick Safari into autofilling data into a malicious

site. Another sort of interesting issue that's being addressed is that RC4 was removed as an encryption algorithm.

So in summary, there are some critical security issues that you probably do want to address,

and that's one reason to apply this update.

...