I am openly admitting I made a mistake today which Dorper
kindly caught, in that the actively exploited zero-day hole
which has been exploiting a "quite extensive" list of Apple
devices (see list below) for years - was a _local_ exploit!

See details below where I commend Dorper for his adult
cognitive skills - which - let's face it - are rare here.

Dorper <usenet@dorper.me> wrote

>> hackers don't even need to be within a thousand miles of your phone to
>> completely and fully take it over any time they want to - for years!
>
>> A local attacker may be able to elevate their privileges.
>> Apple is aware of a report that this issue may have been actively
>> exploited against versions of iOS before iOS 16.6.
>
> Wally would you mind explaining what the word "local" means?

You're right! I made a minor mistake - but it's a mistake nonetheless.
And you caught it.

Thanks for pointing that out.

Wow. An intelligent person on the Apple newsgroup.
Now that's a shock.

I'm not used to people like you on the Apple newsgroups, Dorper.
"The zero-day (CVE-2023-42824) is caused by a weakness discovered
in the XNU kernel that enables *local* attackers to escalate
privileges on unpatched iPhones and iPads."

"The list of impacted devices is quite extensive, and it includes:
iPhone XS and later, plus
iPad Pro 12.9-inch 2nd generation and later, plus
iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, plus
iPad Air 3rd generation and later, plus
iPad 6th generation and later, plus
and iPad mini 5th generation and later"

Kudos to you for being able to comprehend at the adult detail level!
(All the iKooks ever do is deny every fact about Apple ever existing.)

<https://www.bleepingcomputer.com/news/apple/apple-emergency-update-fixes-new-zero-day-used-to-hack-iphones/>

I agree with you (as I never disagree with any sensible statement).
<https://support.apple.com/en-us/HT213961>

You're completely correct that I was referring to the long-exploited
security hole in iOS before 16.6 to now - which was a "local" exploit!

Everything I said was correct _except_ for the thousand miles in
that one case - but let's look at the other zero-days in this release.
libvpx 1.13.1 [CVE-2023-5217]
"Apple also addressed a zero-day tracked as CVE-2023-5217
and caused by a heap buffer overflow weakness in the VP8 encoding
of the open-source libvpx video codec library."

Notice iOS has two to three times the number of zero-day holes than
does Android - and more than ten times the active exploits...
"17 zero-days exploited in attacks fixed this year"

Where the main reason iOS is so incredibly insecure is mostly due to
the primitive monolithic release mechanism that only Apple uses.

Nobody. Nobody at all. Nobody else who makes an OS uses the primitive
monolithic system that Apple uses - and all support more than 1 release!

Because of that, Apple will _always_ have the least secure devices
(because it gives attackers tons & tons of time to attack - that's why).
--
My job on the child-like Apple newsgroups is to bring up the truth
and to show the ignorant low-IQ uneducated iKooks for what they are.