ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Apple Updates Everything
Published: 2024-10-28.
Last Updated: 2024-10-28 20:34:12 UTC
by Johannes Ullrich (Version: 1)
Today, Apple released updates for all of its operating systems. These updates include new AI features. For iOS 18 users, the only upgrade path is iOS 18.1, which includes the AI features. Same for users of macOS 15 Sequoia. For older operating systems versions (iOS 17, macOS 13, and 14), patches are made available, addressing only the security issues.
None of the vulnerabilities is marked as already exploited. The update fixes several lock screen bypass issues and cross-application/sandbox escape issues. Overall, I didn't spot a "mast patch now" issue. Many of the lock screen bypass issues can often be eliminated.
Apple patched a total of 67 vulnerabilities.
Breakdown of vulnerabilities by operating system ...
Read the complete entry:
https://isc.sans.edu/diary/Apple+Updates+Everything/31390/
Development Features Enabled in Production
Published: 2024-10-24.
Last Updated: 2024-10-24 17:06:30 UTC
by Johannes Ullrich (Version: 1)
We do keep seeing attackers "poking around" looking for enabled development features. Developers often use these features and plugins to aid in debugging web applications. But if left behind, they may provide an attacker with inside to the application. In their simplest form, these features provide detailed configuration information. More severe cases may leak credentials or even provide full remote code execution access.
Here are some I noted today ...
Read the complete entry:
https://isc.sans.edu/diary/Development+Features+Enabled+in+Prodcution/31380/