SANS Stormcast Tuesday, September 16th, 2025: Apple Updates; Rust Phishing; Samsung 0-day
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9614.mp3
My Next Class
Application Security: Securing Web Apps, APIs, and Microservices | Las Vegas | Sep 22nd - Sep 27th 2025 |
Application Security: Securing Web Apps, APIs, and Microservices | Denver | Oct 4th - Oct 9th 2025 |
Apple Updates
Apple released major updates for all of its operating systems. In addition to new features, these updates patch 33 different vulnerabilities.
https://isc.sans.edu/diary/Apple%20Updates%20Everything%20-%20iOS%20macOS%2026%20Edition/32286
Microsoft End of Life
On October 14th, support for Windows 10, Exchange 2016, and Exchange 2019 will end.
https://support.microsoft.com/en-us/windows/windows-10-support-ends-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281#:~:text=As%20a%20reminder%2C%20Windows%2010,one%20that%20supports%20Windows%2011.
https://techcommunity.microsoft.com/blog/exchange/t-9-months-exchange-server-2016-and-exchange-server-2019-end-of-support/4366605
Phishing Targeting Rust Developers
Rust developers are reporting phishing emails similar to those that caused the major NPM compromise last week.
https://github.com/rust-lang/crates.io/discussions/11889#discussion-8886064
Samsung Patches 0-Day
Samsung released its monthly updates for its flagship phones, fixing, among other vulnerabilities, an already exploited 0-day.
https://security.samsungmobile.com/securityUpdate.smsb
Podcast Transcript
Hello and welcome to the Tuesday, September 16th, 2025 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, recording today from Jacksonville, Florida. And this episode is brought to you by the SANS.edu Graduate Certificate Program in Cyber Defense Operations.

And today was Apple's big annual update where they released new versions of their operating systems. Now these are new major versions. First of all, there are in addition of course to the widely publicized new features, there are 33 vulnerabilities that were addressed across the different operating systems. You do not have to upgrade to the latest greatest 26 version of the operating systems. They also today released the minor updates for the last releases of these operating systems. So you can for now stick with those earlier releases, basically last year's release of the operating system. Depends how well risk averse you are, whether or not you're going to wait a little bit to update to the 26 version of the operating system or if there is a particular feature that you like. At this point, I haven't heard about any major issues around these updates other than Apple's servers being kind of slow and it takes quite a while to actually download many of these updates. The older operating system updates, they appear to download pretty quickly. So it looks like they may have some a little bit different infrastructure or some load sharing setup or so to prioritize a little bit these older operating systems. So that should be an easier upgrade. One thing I'm interested in if someone went ahead and upgraded, if there are any security issues that you had in the sense, any existing security software that you have installed on these systems that no longer works. At this point, I haven't really seen any real problems there. I saw some reports about Palo Alto Networks GlobalProtect, their VPN setup, having some issues. So that's something to look out for.
I did a quick basic Google search and looked for company statements and such and found like CrowdStrike, Little Snitch, Microsoft Defender. They state that their software is compatible and should have no problems with the new version of iOS and macOS. So then again, if you run into any issues, please let me know. Like with any brand new operating system, it just came out a few hours ago. There's probably a lot of issues that haven't really yet been discovered. Also, if you do see that a particular software is compatible with the operating system, the details usually matter, like detailed configuration options or anything that you did that's not sort of default for a particular software could always introduce problems with the major operating system.

So let's move over from Apple to Microsoft. Reminder that a month from today, essentially October 14th, we'll lose any remaining support for Windows 10. So by now, you must have upgraded to Windows 11. At the same time, we will also lose support for Exchange Server 2016 and Exchange Server 2019. I will link in the show notes to the respective announcements by Microsoft. The Microsoft announcement will say T-9 months because what I'm linking to was published back in January. And it really spells out no more technical support, no more bug fixes, no more security fixes. And specifically for Exchange, no time zone updates, which is an interesting thing they point out here. As a separate thing they're updating, but definitely, again, you must upgrade either to a newer version or as Microsoft really wants you to do is wants you to upgrade or move over to Microsoft 365 as sort of their currently preferred and fully supported solution for that kind of email and messaging.
Basically, and often phishing email, so certainly something that a developer could fall for.

And Samsung released its September update for its mobile devices, essentially its flagship phones, and one of the vulnerabilities being addressed here is already exploited in the wild: CVE-2025-21043. It's a libimagecodec vulnerability. Now, we had similar vulnerabilities, also image related, lately in iOS, also Android, that were already exploited. I'm not sure if this one is related, it's possible, it has a different CVE number. Also, this CVE number, I didn't see it in the last Android update, so this may be something specific to Samsung, even though it does affect its Android phones from version Android 13 through 16.

Well, and this is it for today. So thanks again for listening, thanks for subscribing and liking and leaving good comments about this podcast, and as always, talk to you again tomorrow. Bye.