Path: ...!weretis.net!feeder9.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!nnrp.usenet.blueworldhosting.com!.POSTED!not-for-mail From: Andrew Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,comp.mobile.ipad Subject: Yet again, Apple forgot to sufficiently test desktop & iOS versions Date: Wed, 15 May 2024 01:35:05 -0000 (UTC) Organization: BWH Usenet Archive (https://usenet.blueworldhosting.com) Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Injection-Date: Wed, 15 May 2024 01:35:05 -0000 (UTC) Injection-Info: nnrp.usenet.blueworldhosting.com; logging-data="25156"; mail-complaints-to="usenet@blueworldhosting.com" Cancel-Lock: sha1:QNxgzkKTK/EZ+GJvEyPuuwz38yM= sha256:Gm97k67nAfeXylK2MsSvgNoiZ5AbRH303nMeDxuW3vE= sha1:ezqXmNkyYBrAcZEWx9/Nzx0aucQ= sha256:jFQJbNQu34F+toF6utEPSNThBPt/b8mWUT/BKDnJCLY= X-Newsreader: Mod.PiaoHong.Usenet.Client:2.02.M16 Bytes: 2927 Lines: 37 Yet again, Apple forgot to sufficiently test desktop & iOS versions. https://www.securityweek.com/apple-patch-day-code-execution-flaws-in-iphones-ipads-macos/ Apple on Monday rolled out urgent security-themed updates to its flagship mobile and desktop operating systems and warned that hackers have already exploited a new iOS vulnerability in the wild. For the umpteenth time, Cupertino's security response team documented at least 16 new vulnerabilities on iPhones and iPads that apple forgot to test for. Apple called special attention to CVE-2024-23296, a memory corruption bug in RTKit that had been exploited prior to the availability of patches. Apple RTKit is a real-time embedded OS that runs on almost all Apple devices and has been targeted in the past with exploits that bypass kernel memory protections. Apple still has not fully tested it, as usual. Even though Apple only fully updates iOS 17, Apple said the severe bug was long ago already exploited on older iOS versions and shipped iOS 16.7.8 and iPadOS 16.7.8 with fixes. A patch has also been included in the latest macOS Ventura update. Separately, Apple documented 14 new security defects in the newest iOS versions du to Apple's lack of sufficient testing and warned that some of these issues expose mobile users to code execution, data and privacy exposures, and system crashes. The company also shipped security patches for all its desktop OSes - macOS Sonoma, macOS Ventura, and macOS Monterey - and warned that these flaws enable arbitrary code execution, privilege elevation and unauthorized data access. This puts proof to the mantra that to own an Apple device is to already be hacked, where the number of exploits is ten times that of other OS's.