Three Buddy Problem

Zero-day reality check: iOS exploits, MAPP in China and the hack-back temptation


Listen Later

Three Buddy Problem - Episode 59: Apple drops another emergency iOS patch and we unpack what that “may have been exploited” language really means: zero-click chains, why notifications help but forensics don’t, and the uncomfortable truth that Lockdown Mode is increasingly the default for high-risk users. We connect the dots from ImageIO bugs to geopolitics, discuss who’s likely using these exploits, why Apple’s guidance stops short, and the practical playbook (ADP on, reboot often, reduce attack surface) that actually works.

Plus, we debate Microsoft throttling MAPP access for Chinese vendors, the idea of “letters of marque” for cyber (outsourced offense: smart deterrent or Pandora’s box?), and dissect two case studies that blur APT and crimeware: PipeMagic’s CLFS zero-day and Russia-linked “Static Tundra” riding seven-year-old Cisco bugs.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

  • Transcript (unedited, AI-generated)
  • Apple bulletin: iOS 18.6.2
  • Apple discloses actively exploited zero-day affecting iOS, iPadOS and macOS
  • UK drops demand for backdoor into Apple encryption
  • Tulsi Gabbard on UK dropping Apple backdoor mandate
  • Microsoft Curbs Early Notifications for Chinese Firms on Security Flaws
  • Kaspersky report on PipeMagic
  • Microsoft: Dissecting PipeMagic Backdoor Framework
  • Cisco Talos on Static Tundra
  • FBI advisory on end-of-life network devices
  • SIM-Swapper, Scattered Spider Hacker Gets 10 Years
  • Qubic Claims Majority Control of Monero Hashrate, Raising 51% Attack Fears
  • State of Statecraft Call for Papers
  • LABScon 2025 Speaker Roster
  • Offensive AI Con
  • Three Buddy Problem: LIVE in Canada
  • ...more
    View all episodesView all episodes
    Download on the App Store

    Three Buddy ProblemBy Security Conversations

    • 4.9
    • 4.9
    • 4.9
    • 4.9
    • 4.9

    4.9

    61 ratings


    More shows like Three Buddy Problem

    View all
    Hacked by Hacked

    Hacked

    188 Listeners

    Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

    Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

    369 Listeners

    Risky Business by Risky Business Media

    Risky Business

    376 Listeners

    SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

    SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

    648 Listeners

    CyberWire Daily by N2K Networks

    CyberWire Daily

    1,030 Listeners

    Smashing Security by Graham Cluley

    Smashing Security

    316 Listeners

    Click Here by Recorded Future News

    Click Here

    421 Listeners

    Darknet Diaries by Jack Rhysider

    Darknet Diaries

    8,059 Listeners

    Cybersecurity Today by Jim Love

    Cybersecurity Today

    178 Listeners

    Hacking Humans by N2K Networks

    Hacking Humans

    313 Listeners

    CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

    CISO Series Podcast

    192 Listeners

    Defense in Depth by CISO Series

    Defense in Depth

    73 Listeners

    Cybersecurity Headlines by CISO Series

    Cybersecurity Headlines

    136 Listeners

    Risky Bulletin by Risky Business Media

    Risky Bulletin

    45 Listeners

    The 404 Media Podcast by 404 Media

    The 404 Media Podcast

    392 Listeners