1. Forum
  2. Usenet
  3. COMP.MOBILE.IPAD

  • Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vul

    From Robin Goodfellow@21:1/5 to All on Tue Oct 12 07:10:54 2021
    XPost: misc.phone.mobile.iphone

    It never ends...
    "Apple on Monday released a security update for iOS and iPad to address a
    critical vulnerability that it says is being exploited in the wild,
    making it the 17th zero-day flaw the company has addressed in its
    products since the start of the year."

    *Nobody has more zero-day holes than Apple.*
    And it's never Apple who finds these zero-day holes.

    Apple has _never_ sufficiently tested its operating systems, ever.
    There are huge portions of the OS code that can't possibly have been tested.

    Yet again, Apple forgot to test iOS and zero-day holes are the result.

    Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability
    <https://thehackernews.com/2021/10/apple-releases-urgent-iphone-and-ipad.html>

    CVE-2021-1782 (Kernel) - A malicious application may be able to elevate privileges
    CVE-2021-1870 (WebKit) - A remote attacker may be able to cause arbitrary code execution
    CVE-2021-1871 (WebKit) - A remote attacker may be able to cause arbitrary code execution
    CVE-2021-1879 (WebKit) - Processing maliciously crafted web content may lead to universal cross-site scripting
    CVE-2021-30657 (System Preferences) - A malicious application may bypass Gatekeeper checks
    CVE-2021-30661 (WebKit Storage) - Processing maliciously crafted web content may lead to arbitrary code execution
    CVE-2021-30663 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
    CVE-2021-30665 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
    CVE-2021-30666 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
    CVE-2021-30713 (TCC framework) - A malicious application may be able to bypass Privacy preferences
    CVE-2021-30761 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
    CVE-2021-30762 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
    CVE-2021-30807 (IOMobileFrameBuffer) - An application may be able to execute arbitrary code with kernel privileges
    CVE-2021-30858 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
    CVE-2021-30860 (CoreGraphics) - Processing a maliciously crafted PDF may lead to arbitrary code execution
    CVE-2021-30869 (XNU) - A malicious application may be able to execute arbitrary code with kernel privileges

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)