
SANS Internet StormCast
SANS Stormcast Tuesday, May 12th, 2026: Apple Patches; Encrypted RCS; CAPTCHAs; Checkmarx vs TeamPCP;
Why It Matters
Understanding Apple’s patch cadence and the rollout of encrypted RCS helps users and enterprises protect communications against interception. The CAPTCHA insights illustrate real‑world bot mitigation, while the alert about the compromised Jenkins plugin underscores the need for vigilant supply‑chain security in development environments.
Key Takeaways
- Apple released patches fixing ~80 vulnerabilities across iOS, iPadOS, macOS
- iOS update adds encrypted RCS messaging between iPhone and Android
- CAPTCHAs block 99% of bot requests on data‑intensive pages
- Team PCP published malicious Checkmarx Jenkins AST plugin variant
- Verify plugin checksums using the Checkmarx advisory to ensure safety
Pulse Analysis
Apple’s May 12 patch cycle delivered updates for iOS, iPadOS, macOS Sonoma, tvOS, watchOS and the newly named missionOS, addressing roughly 80 security flaws. While the vulnerability count aligns with the company’s historical average, the breadth of affected platforms underscores the importance of timely patch management for corporate fleets. Enterprises that rely on Apple devices must prioritize rapid deployment to mitigate risks such as privilege escalation and information leakage. The update also bundles minor feature enhancements, but the security fixes remain the headline for IT security teams monitoring the ecosystem.
The same release introduces end‑to‑end encrypted RCS messaging, finally giving Apple users a secure alternative to SMS. Encryption activates when both parties run the latest iOS version or when an iPhone communicates with an Android device running Google’s updated Messenger app. A lock icon and “encrypted” label appear in the conversation window, providing visual confirmation. However, full adoption depends on carrier support, and inconsistent indicators could confuse users. Nonetheless, the feature marks a significant step toward protecting mobile communications against interception and spoofing, a priority for businesses handling sensitive data.
Johannes also reported that the site’s new CAPTCHA system blocked 99% of automated requests, letting only about one in 300 hits reach data‑intensive pages; anyone consuming ISC data programmatically should prefer the official API instead. This demonstrates that modern bot filtering can preserve bandwidth and protect APIs from abuse. In parallel, Checkmarx’s Jenkins AST plugin faced a supply‑chain attack when Team PCP released a tampered version on the Jenkins Marketplace over a weekend. Users are urged to verify plugin checksums against the Checkmarx advisory before installing or updating. These incidents highlight the need for layered defenses and vigilant software‑supply‑chain monitoring.
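As an added example (not code from the ISC diary or from Checkmarx’s advisory), the following Python routine performs the checksum check the takeaway calls for: it parses a sha256sum-style list of the kind an advisory would publish, then fails closed unless the downloaded plugin’s digest matches the listed one. The plugin file name, the list format and the sample archive bytes are constructed placeholders.

```python
import hashlib
import hmac

# Constructed stand-in for the plugin archive (.hpi) a Jenkins admin would
# download; a real check reads the downloaded file instead.
PLUGIN_NAME = "checkmarx-ast-scanner.hpi"  # hypothetical file name
SAMPLE_PLUGIN = b"PK\x03\x04 constructed plugin archive bytes"


def sha256_hex(data: bytes) -> str:
    """Lowercase hex SHA-256 of the given bytes."""
    return hashlib.sha256(data).hexdigest()


def parse_advisory(text: str) -> dict:
    """Parse sha256sum-style lines ("<hex>  <filename>") into {filename: hex}.

    Tolerates an optional "sha256:" prefix, mixed case, blank and '#' lines.
    Malformed lines are skipped rather than guessed at.
    """
    known_good = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, filename = parts[0].lower(), parts[1].strip()
        if digest.startswith("sha256:"):
            digest = digest[len("sha256:"):]
        if len(digest) == 64 and all(c in "0123456789abcdef" for c in digest):
            known_good[filename] = digest
    return known_good


def verify_plugin(data: bytes, filename: str, known_good: dict) -> bool:
    """Fail closed: True only if filename is listed AND its digest matches.

    An unlisted file (renamed or unexpected variant) is treated as untrusted;
    hmac.compare_digest keeps the comparison constant-time.
    """
    expected = known_good.get(filename)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected)


def build_demo_advisory() -> str:
    """Constructed checksum list for the sample bytes (offline demo only)."""
    return f"# constructed checksum list\n{sha256_hex(SAMPLE_PLUGIN)}  {PLUGIN_NAME}\n"


if __name__ == "__main__":
    good = parse_advisory(build_demo_advisory())
    print("genuine:", verify_plugin(SAMPLE_PLUGIN, PLUGIN_NAME, good))            # True
    print("tampered:", verify_plugin(SAMPLE_PLUGIN + b"\x00", PLUGIN_NAME, good))  # False
```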
Episode Description
Apple Patches Everything
https://isc.sans.edu/diary/Apple%20Patches%20Everything/32976
https://www.apple.com/newsroom/2026/05/end-to-end-encrypted-rcs-messaging-begins-rolling-out-today-in-beta/
https://isc.sans.edu/diary/Why%20we%20use%20CAPTCHAs/32974
https://checkmarx.com/blog/ongoing-security-updates/