SANS Stormcast Wednesday Apr 2nd: Apple Updates Everything;
Apr 2, 2025
Apple rolled out essential security updates across all its platforms, patching 145 vulnerabilities, including fixes for previously exploited issues. Meanwhile, VMWare's automatic update checks are currently malfunctioning due to recent transitions. The podcast also discusses SQL injection vulnerabilities in NIM's Postgres library, which mishandles prepared statements, emphasizing the importance of secure coding practices. A must-listen for anyone concerned about cybersecurity!
Apple addressed 145 vulnerabilities across all its operating systems, including patches for actively exploited issues in older macOS and iOS versions.
The NIM programming language's Postgres library poses security risks due to improper handling of prepared statements, highlighting vulnerabilities to SQL injection attacks.
Deep dives
Apple's Recent Security Updates
Apple released comprehensive updates across its operating systems, addressing a total of 145 vulnerabilities. Notably, vulnerabilities that had been actively exploited in the wild were patched for older versions of macOS and iOS, including a WebKit vulnerability and a USB restriction issue. Users are cautioned about potential challenges when downloading the watchOS update, attributed to server stresses and AI feature enablement requiring large downloads. Although no critical issues were identified in the newer updates, users of older hardware should prioritize applying security patches for known vulnerabilities.
Vulnerability in NIM and SQL Injection Risks
An intriguing vulnerability was identified in the NIM programming language when used with Postgres, which highlights the need for proper database interaction practices. The issue arises because the NIM Postgres interface incorrectly represents certain calls as prepared statements, failing to separate the command from the data sent to the database. Particularly, if the Postgres setting for standard conforming strings is turned off, the application may be exposed to SQL injection attacks. This case serves as a reminder that not all implementations of prepared statements are secure, emphasizing the necessity of using reliable libraries for database management.
1. Apple's Comprehensive Security Updates and Vulnerability Insights
Apple Patches Everything
Apple released updates for all of its operating systems. Most were released on Monday with WatchOS patches released today on Tuesday. Two already exploited vulnerabilities, which were already patched in the latest iOS and macOS versions, are now patched for older operating systems as well. A total of 145 vulnerabilities were patched. https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20March%2031st%202025%20Edition/31816
VMWare Workstation and Fusion update check broken
VMWare's automatic update check in its Workstation and Fusion products is currently broken due to a redirect added as part of the Broadcom transition. https://community.broadcom.com/vmware-cloud-foundation/question/certificate-error-is-occured-during-connecting-update-server
NIM Postgres Vulnerability
NIM developers using prepared statements to send SQL queries to Postgres may expose themselves to a SQL injection vulnerability. NIM's Postgres library does not appear to use actual prepared statements; instead, it assembles the code and the user data as a string and passes them on to the database. This may lead to a SQL injection vulnerability. https://blog.nns.ee/2025/03/28/nim-postgres-vulnerability/
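The two NIM/Postgres passages above (the deep dive and this show note) describe the same failure mode: a driver that quotes user data into the SQL text instead of binding it as a real parameter, which becomes exploitable when the server's `standard_conforming_strings` setting is off and backslashes act as escapes inside string literals. The following Python is an added illustration written for this page, not code from NIM's library or from the linked blog post. It assumes a simplified stand-in for such a driver (`naive_quote`, which only doubles single quotes) and a small scanner that applies Postgres's literal-parsing rules under both settings, so a reader can see exactly when the user data stops being data. The `bind_query` function shows the defensive alternative: the user value never enters the SQL text at all.

```python
# Added example: why string-assembled "prepared statements" break under
# standard_conforming_strings = off. Not NIM's code; naive_quote is an
# assumed, simplified stand-in for a quote-and-concatenate driver.


def naive_quote(value: str) -> str:
    """Quote a value by doubling single quotes only (assumed driver behaviour).

    This is correct when the server treats backslashes literally
    (standard_conforming_strings = on) and wrong when it does not.
    """
    return "'" + value.replace("'", "''") + "'"


def build_query_by_concatenation(username: str) -> str:
    """The vulnerable pattern: user data is spliced into the SQL text."""
    return "SELECT * FROM users WHERE name = " + naive_quote(username)


def scan_literal(sql: str, start: int, standard_conforming_strings: bool) -> int:
    """Return the index just past the closing quote of the literal at sql[start].

    Mirrors the two Postgres rules that matter here:
      - '' inside a literal is an escaped single quote (both modes)
      - \\x inside a literal is an escape only when
        standard_conforming_strings is off
    """
    if sql[start] != "'":
        raise ValueError("literal must start with a single quote")
    i = start + 1
    while i < len(sql):
        c = sql[i]
        if c == "\\" and not standard_conforming_strings:
            i += 2  # backslash consumes the next character
            continue
        if c == "'":
            if i + 1 < len(sql) and sql[i + 1] == "'":
                i += 2  # doubled quote stays inside the literal
                continue
            return i + 1  # closing quote found
        i += 1
    raise ValueError("unterminated string literal")


def data_stays_data(username: str, standard_conforming_strings: bool) -> bool:
    """True if the whole user value is still inside one literal after parsing.

    If anything remains after the literal, the value has escaped into the
    command part of the query, which is the injection condition.
    """
    sql = build_query_by_concatenation(username)
    start = sql.index("'")
    end = scan_literal(sql, start, standard_conforming_strings)
    return sql[end:].strip() == ""


def bind_query(username: str) -> tuple[str, tuple[str, ...]]:
    """The defensive pattern: SQL text and data travel separately.

    A real driver sends the template and the parameter tuple in distinct
    protocol messages (server-side parameter binding), so the server never
    has to find the edges of the data inside the SQL text.
    """
    template = "SELECT * FROM users WHERE name = $1"
    assert username not in template  # user data must not be in the SQL text
    return template, (username,)


if __name__ == "__main__":
    # Constructed sample inputs: a harmless name and a backslash-quote payload.
    for value in ["O'Brien", "\\' OR 1=1 --"]:
        for sco in (True, False):
            print(f"{value!r:22} standard_conforming_strings={sco!s:5} "
                  f"contained={data_stays_data(value, sco)}")
    print(bind_query("O'Brien"))
```

The scanner is only a model of the server's tokenizer, but it reproduces the decisive point: the same quoting routine is safe with `standard_conforming_strings = on` and unsafe with it off, so the safety of a quote-and-concatenate driver depends on a server setting the application does not control. Server-side parameter binding, as in `bind_query`, removes that dependency. A quick check on an existing deployment is `SHOW standard_conforming_strings;` on the Postgres server, and, on the client side, confirming that the driver actually sends parameters separately rather than interpolating them.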