🗓️ 6 September 2016
⏱️ 5 minutes
0:00.0 | Hello, welcome to the Tuesday, September 6, 2016 edition of the SANS Internet Storm Center's Stormcast. |
0:07.1 | My name is Johannes Ullrich, and today I'm recording from New York City, New York. |
0:12.0 | Apple on Friday released a somewhat expected update for OS X. |
0:18.0 | That update fixes the problems that first became evident in iOS with the iOS |
0:25.4 | kernel and WebKit. Of course, Safari on OS X also uses WebKit, so that was a pretty |
0:32.1 | obvious patch that had to be applied to OS X as well. And then the two kernel vulnerabilities that affected iOS also affect the OS X kernel, |
0:43.3 | which again is somewhat expected because the two kernels share a lot of code. |
0:48.3 | This particular set of vulnerabilities, also known as Trident vulnerabilities, |
0:53.3 | was used in the Pegasus malware attempt |
0:56.9 | that did target iOS. |
1:00.0 | So at this point, there is no known exploit against OS X, but it's very likely that there |
1:06.6 | may be an exploit similar to the one there was for iOS that is being used or has been used in |
1:13.4 | targeted attacks. That's why I think you probably should apply this patch rather quickly, and it |
1:20.5 | only fixes these three very specific vulnerabilities. And Xavier wrote up about some malware that he spotted this weekend that used the .pub extension. Now, that's commonly used by Microsoft Publisher. It's a tool that's installed with many versions of Office, so you may have Publisher installed, even though it's not used as much and not as well |
1:46.6 | known as Word or Excel, some of the typical targets for malware. Publisher does have a lot of the |
1:53.7 | same capabilities, and with that a lot of the same vulnerabilities, as these other tools have. |
2:00.1 | But then again, the downfall of blacklisting is |
2:03.6 | that you don't blacklist .pub, unlike what you do for Excel documents or for Word documents. |
2:11.6 | So as a result, it may slip past some of your filters. And as Xavier points out, a lot of malware researchers also |
2:20.7 | don't have Publisher installed by default in their sandbox and may not spot these exploits as a result. |
2:29.0 | And if you're running Sophos Antivirus on Windows 7 Service Pack 1, then September 4th may have been a bad day |
2:38.5 | for you, because Sophos Antivirus did identify winlogon.exe, a critical Windows component, as malicious. |
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.