SANS Stormcast Thursday, September 11th, 2025: BASE64 in DNS; Google Chrome, Ivantii and Sophos Patches; Apple Memory Integrity Feature

BASE64 Over DNS
The base64 character set exceeds what is allowable in DNS. However, some implementations will work even with these invalid characters.
https://isc.sans.edu/diary/BASE64%20Over%20DNS/32274
Google Chrome Update
Google released an update for Google Chrome, addressing two vulnerabilities. One of the vulnerabilities is rated critical and may allow code execution.
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html
Ivanti Updates
Ivanti patched a number of vulnerabilities, several of them critical, across its product portfolio.
https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs
Sophos Patches
Sophos resolved authentication bypass vulnerability in Sophos AP6 series wireless access point firmware (CVE-2025-10159)
https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6
Apple Introduces Memory Integrity Enforcement
With the new hardware promoted in yesterday s event, Apple also introduced new memory integrity features based on this new hardware.
https://security.apple.com/blog/memory-integrity-enforcement/