Hello and welcome to the Tuesday, February 11th,

2025 edition of the Science Internet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Today we got a diary by Dedi with more details regarding that famous mark of the web issue.

As I indicated,

there have been ongoing issues with the mark of the web,

not properly propagating if you're decompressing files

or other sort of multifile compound formats,

like, for example, disk images.

DDA is talking here specifically about 7Sip. 7Sip on Windows has a specific setting that's actually disabled by default

to set the mark of the web for all extracted files

if the archive overall had this mark set.

And again, this is an issue that has to be taken care of on unpacking, on decompression,

not on compression, kind of nice if an attacker assembles an archive with the mark of web

being set for all the components.

But again, the archive was created by the attacker,

so it's really up to the defender as they are unpacking these archives to properly set the mark

of the web on all files being extracted, so users will get the proper warning as they are then attempting to open any of the files.

Then we got an update from Apple for iOS and iPad OS.

This particular update fixes one single vulnerability, which already indicates it's important vulnerability.

It's one that's already being exploited in the wild.

Apparently, this vulnerability allows attackers to bypass USB restricted mode.

...