SANS Stormcast Wednesday Apr 2nd: Apple Updates Everything;

Update: 2025-04-02

Description

Apple Patches Everything

Apple released updates for all of its operating systems. Most were released on Monday with WatchOS patches released today on Tuesday. Two already exploited vulnerabilities, which were already patched in the latest iOS and macOS versions, are now patched for older operating systems as well. A total of 145 vulnerabilities were patched.

https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20March%2031st%202025%20Edition/31816

VMWare Workstation and Fusion update check broken

VMWare s automatic update check in its Workstation and Fusion products is currently broken due to a redirect added as part of the Broadcom transition

https://community.broadcom.com/vmware-cloud-foundation/question/certificate-error-is-occured-during-connecting-update-server

NIM Postgres Vulnerability

NIM Developers using prepared statements to send SQL queries to Postgres may expose themselves to a SQL injection vulnerability. NIM s Postgres library does not appear to use actual prepared statements; instead, it assembles the code and the user data as a string and passes them on to the database. This may lead to a SQL injection vulnerability

https://blog.nns.ee/2025/03/28/nim-postgres-vulnerability/

Comments

In Channel

SANS Stormcast Thursday, May 15th: Google Open Redirects; Adobe, Ivanti, and Samsung patches

2025-05-1506:16

SANS Stormcast Wednesday, May 14th: Microsoft Patch Tuesday; 0-Days patched for Ivanti Endpoint Manager and Fortinet Products

2025-05-1406:38

SANS Stormcast Tuesday, May 12th: Apple Patches; Unipi Technologies Scans;

2025-05-1306:29

SANS Stormcast Monday, May 11th: Steganography Challenge; End-of-Life Routers; ASUS Driverhub; RV-Tools SEO Poisoning

2025-05-1206:39

SANS Stormcast Friday, May 9th: SSH Exfil Tricks; magicINFO still vulnerable; SentinelOne Vulnerability; Commvault insufficient patch

2025-05-0904:57

SANS Stormcast Thursday, May 8th: Modular Malware; Sysaid Vuln; Cisco Wireless Controller Patch; Unifi Protect Camera Patch

2025-05-0805:41

SANS Stormcast Wednesday, May 7th: Infostealer with Webserver; Android Update; CISA Warning

2025-05-0706:44

SANS Stormcast Tuesday, May 6th: Mirai Exploiting Samsung magicInfo 9; Kali Signing Key Lost;

2025-05-0606:57

SANS Stormcast Monday, May 5th: Steganography Challenge; Microsoft Makes Passkeys Default and Moves Away from Authenticator as Password Manager; Magento Components Backdoored.

2025-05-0505:57

SANS Stormcast Friday, May 2nd: More Steganography; Malicious Python Packages GMail C2; BEC to Steal Rent Payments

2025-05-0207:16

SANS Stormcast Thursday, May 1st: Sonicwall Attacks; Cached Windows RDP Credentials

2025-05-0106:28

SANS Stormcast Wednesday, April 30th: SMS Attacks; Apple Airplay Vulnerabilities

2025-04-3008:51

SANS Stormcast Tuesday, April 29th: SRUM-DUMP 3; Policy Puppetry; Choice Jacking; @sansinstitute at #RSAC

2025-04-2907:37

SANS Stormcast Monday, April 28th: Image Steganography; SAP Netweaver Exploited

2025-04-2807:55

SANS Stormcast Friday, April 25th: SMS Gateway Scans; Comvault Exploit; Patch Window Shrinkage; More inetpub issues;

2025-04-2506:38

SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco

2025-04-2405:44

SANS Stormcast Wednesday, April 23rd: More xorsearch Updates; DKIM Replay Attack; SSL.com Vulnerability Fixed

2025-04-2306:18

SANS Stormcast Tuesday, April 22nd: Phishing via Google; ChatGPT Fingerprint; Asus AI Cloud Vuln; PyTorch RCE

2025-04-2205:35

SANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug

2025-04-2107:31

SANS Stormcast Friday, April 18th: Remnux Cloud Environment; Erlang/OTP SSH Vuln; Brickstorm Backdoor Analysis; GPT 4.1 Safety Controversy

2025-04-1806:18

00:00

SANS Stormcast Wednesday Apr 2nd: Apple Updates Everything;

#box-pro-ellipsis-174730721999160{-webkit-line-clamp:2;}SANS Stormcast Wednesday Apr 2nd: Apple Updates Everything;

SANS Stormcast Wednesday Apr 2nd: Apple Updates Everything;

Dr. Johannes B. Ullrich

SANS Stormcast Wednesday Apr 2nd: Apple Updates Everything;