ISC StormCast for Wednesday, March 6th, 2024
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 6 March 2024
⏱️ 7 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Wednesday, March 6, 2020, |
| 0:04.1 | edition of the Sansonet Storm Center's Stormcast. |
| 0:08.0 | My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida. |
| 0:13.5 | Apple today released a surprise update for iOS and with that also for iPad OS. Unlike usual for Apple, we only got updates for this operating system, not for any others like MacOS, and we also only got four vulnerabilities patched here, which is low for a somewhat major update. It's the update to 17.4 from 17.3. So this is a feature |
| 0:44.1 | update in addition to a small security update. Now I'm saying small because it only has |
| 0:50.2 | four vulnerabilities being patched here. Two of the vulnerabilities, however, are already exploited. |
| 0:57.6 | One of the vulnerabilities is also exploited on the older iOS 16, which also received an update |
| 1:04.6 | today. |
| 1:05.6 | These already exploited vulnerabilities are essentially privileged escalation vulnerabilities, so we only rated them as moderate so far. |
| 1:15.6 | There's a third vulnerability that we rated as moderate. |
| 1:18.6 | It only affects private browsing and may make some tabs briefly visible. |
| 1:24.6 | So basically if you hand your iPad to another user, they may briefly see your |
| 1:29.4 | private browsing tabs. The fourth vulnerability, also moderate, is another sort of privacy issue |
| 1:35.8 | that basically just redacts some additional data from logs. Interestingly, there was also an update for iOS |
| 1:43.9 | 15, but according to Apple, |
| 1:47.2 | that update did not fix any security vulnerabilities, so not clear if this one vulnerability |
| 1:53.4 | that was patched in iOS 16 just didn't affect iOS 15 or if a patch will come later. |
| 2:03.9 | And in today's diary, I took a quick look at some of the logs we are having that indicate attacks or scans for perimeter security devices. |
| 2:10.5 | Of course, over the last few years, we had numerous critical vulnerabilities in perimeter |
| 2:15.7 | security devices, in particular also these enterprise |
| 2:18.8 | secure devices, like for example, your Citrix, Evanti, and these various products, not just |
| 2:26.5 | the home routers, which of course always for a long, long time, were sort of a prime target. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.