Three Buddy Problem - Episode 59: Apple drops another emergency iOS patch and we unpack what that “may have been exploited” language really means: zero-click chains, why notifications help but forensics don’t, and the uncomfortable truth that Lockdown Mode is increasingly the default for high-risk users. We connect the dots from ImageIO bugs to geopolitics, discuss who’s likely using these exploits, why Apple’s guidance stops short, and the practical playbook (ADP on, reboot often, reduce attack surface) that actually works.

Plus, we debate Microsoft throttling MAPP access for Chinese vendors, the idea of “letters of marque” for cyber (outsourced offense: smart deterrent or Pandora’s box?), and dissect two case studies that blur APT and crimeware: PipeMagic’s CLFS zero-day and Russia-linked “Static Tundra” riding seven-year-old Cisco bugs.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• Apple bulletin: iOS 18.6.2
• Apple discloses actively exploited zero-day affecting iOS, iPadOS and macOS
• UK drops demand for backdoor into Apple encryption
• Tulsi Gabbard on UK dropping Apple backdoor mandate
• Microsoft Curbs Early Notifications for Chinese Firms on Security Flaws
• Kaspersky report on PipeMagic
• Microsoft: Dissecting PipeMagic Backdoor Framework
• Cisco Talos on Static Tundra
• FBI advisory on end-of-life network devices
• SIM-Swapper, Scattered Spider Hacker Gets 10 Years
• Qubic Claims Majority Control of Monero Hashrate, Raising 51% Attack Fears
• State of Statecraft Call for Papers
• LABScon 2025 Speaker Roster
• Offensive AI Con
• Three Buddy Problem: LIVE in Canada