Podcast Detail

SANS Stormcast Monday, July 6th, 2026: Apple Patch Policy; FatFS Vulns; OpenWRT; Multi-Agent Offensive AI;

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9994.mp3

Podcast Logo
Apple Patch Policy; FatFS Vulns; OpenWRT; Multi-Agent Offensive AI;
00:00

My Next Class

Click HERE to learn more about classes Johannes is teaching for SANS

Podcast Transcript

 Hello and welcome to the Monday, July 6, 2026 edition
 of the SANS Internet Storm Center's Stormcast. My name is
 Johannes Ullrich, recording today from Jacksonville,
 Florida. And this episode is brought to you by the SANS.edu
 undergraduate certificate program in cybersecurity
 fundamentals. Last week when I covered Apple's updates, I did
 mention that they felt a little bit different than what
 we usually saw for Apple. They weren't really sort of an
 emergency update where we had some very specific exploited
 vulnerabilities being fixed, but they also weren't just a
 big broad update. We usually saw where we get patches for
 every single of Apple's products. We only got them
 sort of for the iOS, macOS and Safari with a heavy focus on
 WebKit vulnerabilities. And that sort of also explains the
 inclusion of Safari. Well, Reuters now published that
 this is apparently sort of a new strategy going forward
 from Apple when it comes to patches and releasing security
 updates. They're no longer necessarily going to wait for
 the next major update. So currently we are like on iOS,
 macOS of 25. Sorry, 26.5. The next sort of update would then
 be 26.6. But what they released basically last week
 were vulnerabilities they fixed in some of the betas for
 26.6. And they didn't really want to wait until 26.6 is
 released. So they accelerated the release of these patches.
 And that's something that we should expect in the future.
 So basically expect more and sort of more incremental
 security updates from Apple that aren't necessarily sort
 of bundled in with some of the feature updates that we have
 seen in the past. When talking about discovering and
 exploiting vulnerabilities with the aid of AI, clients,
 vielleicht more or agendas. They don't have to worry about
 what we are The next slide is by Plinus Elder. Elder Plinus
 has released a new tool T3MP3ST. And what's sort of
 unique about it is, it's not a new model than there are now a
 number of them that can be used to find vulnerabilities
 and exploit them. Instead, it's really more a harness
 that can then be used for existing coding agents that
 you already use. So if you're using anything like cloud or
 such, or even your local model to code, well, you can use
 T3MP3ST in order to then use that model to find
 vulnerabilities and also create exploits for them the
 advantage is well as sort of pointed out in the readme file
 that you don't have yet another token bill of course
 now it goes against whatever tokens you're using with these
 existing models on the other hand I sort of I'm really
 interested in trying it out with local models with you
 know it's of course more interesting because they have
 more control over what models are using and also what
 safeguards these models may be implementing and run zero
 published a blog post with details regarding seven
 different flaws in fat FS everybody listening to this
 podcast probably has heard about the fat file system the
 good old sort of no Windows style file system well it's of
 course often used for anything kind of that mounts SD cards
 USB media and one of the popular open source
 implementations is fatFS so if you have an IOT device for
 example that can mount an SDcard it probably runs fat FS
 the library to implement the fat file system seven of these
 bugs were now disclosed and many of them allowing
 arbitrary code execution this is in particular a problem for
 IOT devices you don't always need to physically mount a
 file system like some kind of ISO file or something like
 this can often be used to mount then a virtual drive to
 a system and trigger some of these vulnerabilities which
 could of course be exploited in for privilege escalation
 and open WRT did release an update that fixes a number of
 interesting security vulnerabilities version 25.12
 .5 don't usually mention them and nothing here sort of
 screams patch now but certainly even your open
 source devices need to be updated occasionally and we
 have seen all the havoc that attackers are creating with
 sort of no border security devices like that none of
 these is sort of unauthenticated device
 takeover type vulnerabilities there are a number of approach
 escalation vulnerabilities also some DHCP related
 vulnerabilities that can be exploited by network adjacent
 devices so not exactly sort of a remote attacker as always
 you never really should expose the admin interfaces of any
 device like this to the internet use VPNs and such for
 it but on the other hand there's also an SH update here
 that fixes some SCP issues in this release well and that's
 it for today so thanks for listening thanks for liking
 and subscribing to this podcast and as always talk to
 you again tomorrow bye
 you