Rocksolid Light

Welcome to Rocksolid Light

mail  files  register  newsreader  groups  login

Message-ID:  

lp1 on fire -- One of the more obfuscated kernel messages

computers / misc.phone.mobile.iphone / Re: Apple Patches Code Execution Vulnerability in iOS macOS

SubjectAuthor
* Re: Apple Patches Code Execution Vulnerability in iOS macOSOliver
`- Re: Apple Patches Code Execution Vulnerability in iOS macOSAlan Browne

1
Re: Apple Patches Code Execution Vulnerability in iOS macOS

<uu2ejp$35p79$1@dont-email.me>

  copy mid

https://news.novabbs.org/computers/article-flat.php?id=13189&group=misc.phone.mobile.iphone#13189

  copy link   Newsgroups: comp.sys.mac.system misc.phone.mobile.iphone comp.mobile.ipad
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ollie@invalid.net (Oliver)
Newsgroups: comp.sys.mac.system,misc.phone.mobile.iphone,comp.mobile.ipad
Subject: Re: Apple Patches Code Execution Vulnerability in iOS macOS
Date: Wed, 27 Mar 2024 18:45:46 -0600
Organization: A noiseless patient Spider
Lines: 69
Message-ID: <uu2ejp$35p79$1@dont-email.me>
References: <uu2ddo$35gth$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 28 Mar 2024 00:45:46 +0100 (CET)
Injection-Info: dont-email.me; posting-host="04b23db24805162d43fb0d877d29abdb";
logging-data="3335401"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+uLhBdGmAF2u8Wg5FYQF0L"
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:B0IJSFSFCW3GIk4gKmEzrUKKijw=
Content-Language: en-CA
 by: Oliver - Thu, 28 Mar 2024 00:45 UTC

On Thu, 28 Mar 2024 00:25:29 +0000, Peter <confused@nospam.net> wrote

> Path: sewer!news.mixmin.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
> From: Peter <confused@nospam.net>
> Newsgroups: comp.sys.mac.system,misc.phone.mobile,iphone,comp.mobile.ipad
> Subject: Apple Patches Code Execution Vulnerability in iOS macOS
> Followup-To: comp.sys.mac.system,misc.phone.mobile,iphone,comp.mobile.ipad
> Date: Thu, 28 Mar 2024 00:25:29 +0000
> Organization: -
> Lines: 45
> Message-ID: <uu2ddo$35gth$1@dont-email.me>
> MIME-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> Injection-Date: Thu, 28 Mar 2024 00:25:29 +0100 (CET)
> Injection-Info: dont-email.me; posting-host="1c466e86b6a772f5af027e5082be4508"; logging-data="3326897"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/alfrTpYmG2Yv9x/XbEOYX"
> Cancel-Lock: sha1:5NeJfoep0DLDvZGsTOZpdlFru+o=
> X-No-Archive: yes
> X-Newsreader: Forte Agent 3.3/32.846
> Xref: sewer comp.sys.mac.system:94057 misc.phone.mobile:307 comp.mobile.ipad:48211
>
> One of the main reasons Apple products are the most exploited is that Apple
> doesn't ever find security holes until someone else tells them about it.
> https://mjtsai.com/blog/2019/09/06/apple-responds-to-project-zero/
>
> Often Google's Project Zero has found more holes in Apple systems than
> Apple has ever found in its entire history, according to most reports.
> https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
>
> The tech giant has included patches for the bug in iOS and iPadOS 17.4.1,
> iOS and iPadOS 16.7.7, visionOS 1.1.1, macOS Sonoma 14.4.1, macOS Ventura
> 13.6.6, and Safari 17.4.1 (for macOS Monterey and macOS Ventura).
> https://www.securityweek.com/apple-patches-code-execution-vulnerability-in-ios-macos/
>
> The company has credited Google Project Zero researcher Nick Galloway for
> reporting it - which is important because Apple doesn't have effective QA.
> https://www.wired.com/story/imessage-interactionless-hacks-google-project-zero/
> https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html
> https://www.wired.com/story/zero-click-ios-attack-project-zero/
> https://techbeacon.com/security/wormable-rcepe-flaw-iphone-wi-fi-code-word-incredible
> https://appleinsider.com/articles/20/12/02/ios-exploit-enables-zero-click-remote-access-to-photos-messages-more-without-user-knowledge
> https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-3.html
> https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
> https://googleprojectzero.blogspot.com/2017/04/exception-oriented-exploitation-on-ios.html
> https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html
> https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2020/CVE-2020-27930.html
> https://googleprojectzero.blogspot.com/2020/07/the-core-of-apple-is-ppl-breaking-xnu.html
>
> While there are no reports of this bug being exploited in attacks, Apple's
> operating systems have historically been the most exploited over the years.
> https://www.cisa.gov/known-exploited-vulnerabilities-catalog
>
> It's nice Apple thanked Google for finding bugs that have been stealing
> Apple users' data for years on end, which Apple never finds on their own.
> https://www.macrumors.com/2019/08/30/google-iphone-vulnerability/
>
> Apple only advertises security, which is why Apple's advertising budget is
> over ten times what Apple's entire R&D development budget has ever been.
>
> *To own an Apple product is to already be hacked*
> https://cyberscoop.com/iphone-hack-google-project-zero/
>
> The only people who don't know about Apple's zero-day holes, are its users.
> https://www.imore.com/how-google-story-chinese-hacking-became-attack-iphone-owners
>
> That's because they believe everything Apple tells them about "security".

Did you hear about another set of unpatchable flaws in all Apple's chips?
https://9to5mac.com/2024/03/22/unpatchable-security-flaw-mac/

Re: Apple Patches Code Execution Vulnerability in iOS macOS

<jSdNN.123452$U1cc.67015@fx04.iad>

  copy mid

https://news.novabbs.org/computers/article-flat.php?id=13201&group=misc.phone.mobile.iphone#13201

  copy link   Newsgroups: comp.sys.mac.system misc.phone.mobile.iphone comp.mobile.ipad
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!npeer.as286.net!npeer-ng0.as286.net!peer03.ams1!peer.ams1.xlned.com!news.xlned.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx04.iad.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Apple Patches Code Execution Vulnerability in iOS macOS
Content-Language: en-US
Newsgroups: comp.sys.mac.system,misc.phone.mobile.iphone,comp.mobile.ipad
References: <uu2ddo$35gth$1@dont-email.me> <uu2ejp$35p79$1@dont-email.me>
From: bitbucket@blackhole.com (Alan Browne)
In-Reply-To: <uu2ejp$35p79$1@dont-email.me>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Lines: 18
Message-ID: <jSdNN.123452$U1cc.67015@fx04.iad>
X-Complaints-To: abuse@usenetserver.com
NNTP-Posting-Date: Thu, 28 Mar 2024 13:01:03 UTC
Organization: UsenetServer - www.usenetserver.com
Date: Thu, 28 Mar 2024 09:01:03 -0400
X-Received-Bytes: 1620
 by: Alan Browne - Thu, 28 Mar 2024 13:01 UTC

On 2024-03-27 20:45, Oliver wrote:

> Did you hear about another set of unpatchable flaws in all Apple's chips?
> https://9to5mac.com/2024/03/22/unpatchable-security-flaw-mac/

Not fixable in h/w, but quite patchable in s/w. This isn't optimal, nor
is it the end of the world for Apple that the Apple haters want.

It is also one of those "if this occurs, and then that, and then this,
and then this other sort of that, and the moon is in Pisces" sort of
vulnerabilities that is demonstrable in a lab or a white paper but
implausible in the wild - and of course defensible in s/w.

--
“Patriotism is when love of your own people comes first;
nationalism, when hate for people other than your own comes first.”
- Charles de Gaulle.

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor