Hello and welcome to the Tuesday, September 30th, 20th,

2000, 5th edition of the Sands and at Storm Center's Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the sands.edu master's degree program in

information security engineering. Today we got a little bit of surprise update from Apple for

iOS, iPad OS and macOS 26. No, it's not a surprise that there is an update shortly after there is a

major update like this because that usually fixes some of the bugs and such that came out

after the product was sort of released to the masses. But this time it also fixes an single

vulnerability. It's a font parser vulnerability that but this time it also fixes a single warnability.

It's a font parser vulnerability that can lead to unexpected app termination or corrupt process memory.

The second part could hint to possible code execution, even though that's not stated like this in the advisory.

There is no indication from Apple that this particular vulnerability has already been

exploited. Often Microsoft does release sort of these one vulnerability updates for actively

exploited vulnerabilities. But I think here it's just that this was sort of one of the

issues that came up after 26 was released and now is being patched as a security patch with the

functional patches released with this update. They also released it for a couple older versions

of macOS as well as for the last version before 26 for iOS and iPad OS.

Doesn't affect TVOS, doesn't affect watchOS, so the updates released today for those operating systems are just functional.

And our honeypots are seeing an increase in scans for a little bit

an older Palo Alto Global Protect Warnability. That's Palo Alto's VPN solution. It exploits CVE

24, 3,400. This vulnerability is very easy to exploit and has already been widely exploited.

I see this a little bit sort of as a cleaning up kind of scan, looking if there are any unexploited

...