

SANS Stormcast Tuesday, May 12th: Apple Patches; Unipi Technologies Scans;
May 13, 2025
Apple has released extensive updates to fix vulnerabilities across its operating systems. The discussion highlights the ongoing issue of default IoT passwords, specifically how the Mirai botnet is targeting Unipi devices. A critical flaw in the Output Messenger app is being exploited in sophisticated attacks, and there’s good news for Commvault users, as their recent patch successfully addresses a vulnerability. Plus, there’s a mention of an upcoming honeypot workshop that you won’t want to miss!
AI Snips
Chapters
Transcript
Episode notes
Urgent Apple Patches Released
- Apple patched 65 vulnerabilities across macOS and iOS, including ones actively exploited.
- Users should update their systems promptly, especially older versions back to macOS Ventura (13).
Legacy Vulnerabilities Persist
- Devices by Unipi Technology still use default username and password, exposing them to Mirai botnet attacks.
- The malware also exploits a Netgear vulnerability from 2013 that was assigned a CVE only recently.
Patch Output Messenger Now
- Output Messenger has a path traversal vulnerability actively exploited by attackers targeting Middle East and Europe.
- Update Output Messenger quickly to prevent attackers from accessing sensitive files or controlling local servers.