Deutsch English Français Italiano |
<v216ba$2maf$1@nnrp.usenet.blueworldhosting.com> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!weretis.net!feeder9.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!nnrp.usenet.blueworldhosting.com!.POSTED!not-for-mail From: Andrew <andrew@spam.net> Newsgroups: misc.phone.mobile.iphone,comp.mobile.ipad,comp.sys.mac.system Subject: Apple zero-day hole in MarketplaceKit tracks iOS users & the fix breaks alternative marketplace Date: Wed, 15 May 2024 02:23:39 -0000 (UTC) Organization: BWH Usenet Archive (https://usenet.blueworldhosting.com) Message-ID: <v216ba$2maf$1@nnrp.usenet.blueworldhosting.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Injection-Date: Wed, 15 May 2024 02:23:39 -0000 (UTC) Injection-Info: nnrp.usenet.blueworldhosting.com; logging-data="88399"; mail-complaints-to="usenet@blueworldhosting.com" Cancel-Lock: sha1:FogzUU0QwdkaZnePPJIzxmTsVFk= sha256:ITGTfXlZsIH9N9wj54klFtL97RtUcmXIJPBLOqMHLUE= sha1:/MooIH/lOVdWXNOtAnZHj7fJ3UU= sha256:dPe0m9CVughe5//b4FjEEOiVNDVAFLrE5RrSnYDX91U= X-Newsreader: Mod.PiaoHong.Usenet.Client:2.02.M16 Bytes: 2988 Lines: 33 On Monday, Apple backported the patch for CVE-2024-23296 to the iOS 16 branch and has fixed another hole Apple QA missed (yet again) in MarketplaceKit which enabled maliciously crafted webpages to distribute a script that tracks iOS users on other webpages. (CVE-2024-27852) Users running the iOS and iPadOS 17 branch can grab the latest update that fixes many different vulnerabilities. Among them is CVE-2024-27852, a bug in the MarketplaceKit that could allow sites to track iOS users. Even worse than iOS, the update for macOS Sonoma carries fixes for 22 vulnerabilities that Apple QA (yet again) forgot to test for, where there were also a handful of updates for macOS Ventura and Monterey that Apple missed (yet again) in QA. The fix for the RTKit zero-day (CVE-2024-23296) - which has been patched in iOS and iPadOS 17.4, macOS Sonoma, watchOS, tvOS and visionOS in March 2024 after reports of in-the-wild exploitation - has been backported only to Ventura, iOS 16.7.8 and iPadOS 16.7.8 (for now). In March 2023, Apple has introduced a new URI scheme in iOS 17.4 to allow EU users to install alternative (third-party) marketplace apps from developers' websites. Unfortunately, faults in the scheme's implementation allow it to be misused for cross-site tracking - as Talal Haj Bakry and Tommy Mysk of Mysk Inc. discovered. The newest iOS/iPadOS update for the most recent branch will fix this vulnerability that Apple missed (yet again); but the researchers also warned users in the EU not to delete their alternative marketplace apps, because the update breaks alternative marketplace app re-installation. "MarketplaceKit now generates a different client_id every time it is called. Now there's no way for alternative marketplace developers to identify users who have already purchased the marketplace app," they explained.