Deutsch English Français Italiano |
<uu2ddo$35gth$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: Peter <confused@nospam.net> Newsgroups: comp.sys.mac.system,misc.phone.mobile,iphone,comp.mobile.ipad Subject: Apple Patches Code Execution Vulnerability in iOS macOS Followup-To: comp.sys.mac.system,misc.phone.mobile,iphone,comp.mobile.ipad Date: Thu, 28 Mar 2024 00:25:29 +0000 Organization: - Lines: 45 Message-ID: <uu2ddo$35gth$1@dont-email.me> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Injection-Date: Thu, 28 Mar 2024 00:25:29 +0100 (CET) Injection-Info: dont-email.me; posting-host="1c466e86b6a772f5af027e5082be4508"; logging-data="3326897"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/alfrTpYmG2Yv9x/XbEOYX" Cancel-Lock: sha1:5NeJfoep0DLDvZGsTOZpdlFru+o= X-No-Archive: yes X-Newsreader: Forte Agent 3.3/32.846 Bytes: 3857 One of the main reasons Apple products are the most exploited is that Apple doesn't ever find security holes until someone else tells them about it. https://mjtsai.com/blog/2019/09/06/apple-responds-to-project-zero/ Often Google's Project Zero has found more holes in Apple systems than Apple has ever found in its entire history, according to most reports. https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html The tech giant has included patches for the bug in iOS and iPadOS 17.4.1, iOS and iPadOS 16.7.7, visionOS 1.1.1, macOS Sonoma 14.4.1, macOS Ventura 13.6.6, and Safari 17.4.1 (for macOS Monterey and macOS Ventura). https://www.securityweek.com/apple-patches-code-execution-vulnerability-in-ios-macos/ The company has credited Google Project Zero researcher Nick Galloway for reporting it - which is important because Apple doesn't have effective QA. https://www.wired.com/story/imessage-interactionless-hacks-google-project-zero/ https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html https://www.wired.com/story/zero-click-ios-attack-project-zero/ https://techbeacon.com/security/wormable-rcepe-flaw-iphone-wi-fi-code-word-incredible https://appleinsider.com/articles/20/12/02/ios-exploit-enables-zero-click-remote-access-to-photos-messages-more-without-user-knowledge https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-3.html https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html https://googleprojectzero.blogspot.com/2017/04/exception-oriented-exploitation-on-ios.html https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2020/CVE-2020-27930.html https://googleprojectzero.blogspot.com/2020/07/the-core-of-apple-is-ppl-breaking-xnu.html While there are no reports of this bug being exploited in attacks, Apple's operating systems have historically been the most exploited over the years. https://www.cisa.gov/known-exploited-vulnerabilities-catalog It's nice Apple thanked Google for finding bugs that have been stealing Apple users' data for years on end, which Apple never finds on their own. https://www.macrumors.com/2019/08/30/google-iphone-vulnerability/ Apple only advertises security, which is why Apple's advertising budget is over ten times what Apple's entire R&D development budget has ever been. *To own an Apple product is to already be hacked* https://cyberscoop.com/iphone-hack-google-project-zero/ The only people who don't know about Apple's zero-day holes, are its users. https://www.imore.com/how-google-story-chinese-hacking-became-attack-iphone-owners That's because they believe everything Apple tells them about "security".