meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Wednesday, March 27th 2019

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 26 March 2019

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Apple Updates; ASUS Response; Firefox Cert Issues; UC Browser MITM Vuln

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Wednesday, March 27th, 2019 edition of the Sands and the Storm Center's

0:06.2

Stormcast. My name is Johannes Ulrich, and today I'm recording from Madrid, Spain.

0:12.8

Well, today we got updates from Apple for pretty much all of its products. This, of course,

0:19.4

comes at the back end of the big announcements yesterday,

0:23.9

and in addition to new features, there are also a large number, about 50 or so different

0:30.2

security vulnerabilities that are being addressed by these updates. This affects two Windows

0:35.8

applications as well. ICloud and iTunes for Windows have been updated. The main issue here is WebKit vulnerabilities that are being addressed, but for ICloud it also fixes some issues that sort of sound like these DLL loading vulnerabilities that are being exploited if you are launching the application

0:58.2

or installing the application from an untrusted directory.

1:03.5

In addition to updates for these Windows applications, we have updates for Safari, also security

1:09.1

updates for macOS Mojave and high Sierra, Sierra, TBS, and Xcode and iOS.

1:19.1

The Xcode issue is, rather sort of addressing a kernel approach escalation vulnerability.

1:25.0

One interesting vulnerability in iOS sort of caught my attention.

1:30.2

And they're talking about the ability to execute arbitrary code if you are clicking on a link

1:37.0

within an SMS message. Also interesting, this vulnerability is located in the Geoservices subsystem.

1:45.7

Also, in Mail, this update fixes another problem with S-Mime.

1:51.9

Of course, last year, there was a lot of news around how S-Mime cannot necessarily be trusted.

1:58.0

At this point, I haven't seen any reports of any problems with this particular update.

2:04.1

If you don't hear anything by the time you are listening to this podcast, it's probably

2:10.1

good idea to update your devices.

2:13.6

And Aces responded to yesterday's news from Kaspersky that its life update software was backdoored and used by an advanced persistent threat actor in order to modify selected target systems.

2:28.9

The press release states that AIS has modified the software to hopefully prevent a repeat of such an attack

2:36.0

that they put in some internal checks to make sure the software didn't get modified

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.