March 2024 Microsoft Patch Tuesday and Some Super Juicy Apple Vulnerabilities

Episode 05 | Published March 12, 2024 | 29 minute watch

Summary

March 2024 Patch Tuesday landed the same week macOS Sonoma 14.4 shipped an unusually long security release. Two Microsoft bugs stood out: CVE-2024-21400, a 9.0 elevation-of-privilege flaw in Azure Kubernetes Service Confidential Containers that the hosts read as a likely cross-tenant attack, and CVE-2024-26164, a SQL injection bug in the Django backend for SQL Server that resurrects a decades-old attack vector. The Apple updates open a longer conversation on memory safety, and Kikta connects the cluster of image-processing and WebKit bugs to the White House push toward memory-safe languages like Rust.