Hello, welcome to the Wednesday, January 24th, 2018 edition of the Santern Storm Center's Stormcast. My name is Johannes Ulrich and I'm recording from Jacksonville, Florida. Apple today had one of its usual surprise patch days that affect all of its operating systems. We got patches for watchOS, iOS,

macOS or OS10, and TVOS. For some older versions of OS10, there's also a separate Safari

update. Out of the total of 19 vulnerabilities being addressed here, and I think that's actually a little

bit on the smaller side as far as Apple patches go.

Ten of the vulnerabilities do apply to all of the different products.

Now of note here is probably that there is another patch for the meltdown vulnerability.

Originally, Apple released an update for High Sierra on January 8th.

Now, this update did not cover the older version of the operating systems that are still

being supported like Sierra and El Capitan.

Well, with today's update, you will also get the meltdown patch for these older operating

systems.

Another interesting vulnerabilities being addressed here is what Apple calls the link presentation

vulnerability.

This vulnerability has already been exploited.

I mentioned it here before. In order to exploit

a vulnerability, an attacker would send you a link via iMessage that then leads to a web page

that includes a malicious open craft hack. Now, you don't actually have to click on the link,

just the preview within iMessage will cause

the system to lock up. However, the vulnerable is it. I'm sort of most worried about are three

vulnerabilities in WebKit. WebKit, of course, is the rendering engine behind Safari and

could easily be exploited by a malicious web page. These particular vulnerabilities do allow

arbitrary code execution. So this is a classic vulnerability that would be exploited by

...