SANS Stormcast Wednesday, November 5th, 2025: Apple Patches; Exploits against Trucking and Logistic; Google Android Patches
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 696 Ratings
🗓️ 5 November 2025
⏱️ 6 minutes
🧾️ Download transcript
Summary
Apple Patches Everything, Again
Apple released a minor OS upgrade across its lineup, fixing a number of security vulnerabilities.
https://isc.sans.edu/diary/Apple%20Patches%20Everything%2C%20Again/32448
Remote Access Tools Used to Compromise Trucking and Logistics
Attackers infect trucking and logistics companies with regular remote management tools to inject malware into other companies or learn about high-value loads in order to steal them.
https://www.proofpoint.com/us/blog/threat-insight/remote-access-real-cargo-cybercriminals-targeting-trucking-and-logistics
Google Android Patch Day
Google released its usual monthly Android updates this week
https://source.android.com/docs/security/bulletin/2025-11-01
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Wednesday, November 5th, 2025 edition of the Sands Internet Storm Centers. |
| 0:11.5 | Stormcast, my name is Johannes Orich, recording today from Jacksonville, Florida. |
| 0:17.3 | And this episode is brought you by the Sands.edu graduate certificate program in cloud security. |
| 0:23.7 | And we got patches from Apple. |
| 0:26.4 | Now, the patches were actually released on Monday. |
| 0:28.3 | I didn't get them into the Monday or Tuesday podcast. |
| 0:33.4 | So covering them now, we got a total of 110 vulnerabilities addressed in these patches. |
| 0:39.4 | And as typical for Apple, we got updates for pretty much every single product of theirs, |
| 0:46.9 | with a lot of overlap between those products, just because the underlying operating system |
| 0:51.7 | has a lot of overlap as well. There are a couple of |
| 0:56.5 | vulnerabilities here that I sort of point out, and that's memory corruption vulnerabilities in |
| 1:00.9 | Image I.O. Also in font parser. These type of vulnerabilities have in the past been exploited |
| 1:07.5 | for remote code execution. Apple's notes to their patches are always very sparse, |
| 1:13.9 | so really hard to tell how exploitable these memory corruptions are |
| 1:18.6 | and whether they actually will lead to code execution. |
| 1:23.6 | Also, we got at least one memory corruption in WebKit |
| 1:27.1 | that, of course, affects Safari |
| 1:29.3 | and anything sort of exposed via a website that a user may visit. |
| 1:35.2 | There's also, as usual for Apple, a separate Safari update. |
| 1:39.7 | The reason you have this is because some of the older operating systems, |
| 1:44.0 | well, they may now need |
| 1:45.3 | a newer version of Safari to address the WebKit issues that Apple Patch, because they |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.