1. Forum
  2. Usenet
  3. COMP.MOBILE.IPAD

  • V15.0.2 is out!

    From Ant@21:1/5 to All on Tue Oct 12 03:30:11 2021
    XPost: misc.phone.mobile.iphone

    https://support.apple.com/en-us/HT212788 and https://support.apple.com/en-us/HT212846 for their release notes.
    --
    So many brokenesses, oldnesses, leaks, illnesses, videos, spams, issues, software updates, games, sins, tiredness, busyness, etc. Dang colony life! :(
    Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
    /\___/\ Ant(Dude) @ http://aqfl.net & http://antfarm.home.dhs.org.
    / /\ /\ \ Please nuke ANT if replying by e-mail.
    | |o o| |
    \ _ /
    ( )

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Robin Goodfellow@21:1/5 to Ant on Tue Oct 12 16:56:29 2021
    XPost: misc.phone.mobile.iphone

    Ant <ant@zimage.comANT> asked
    https://support.apple.com/en-us/HT212788 and https://support.apple.com/en-us/HT212846 for their release notes.

    *Nobody has more zero-day holes than does Apple*
    See also: https://support.apple.com/kb/HT201222

    What Apple doesn't tell you is this is the 17th sordid zero day vulnerability they were forced to fix not only because Apple has never sufficiently tested iOS,
    but it was and is being exploited in the wild.

    *Bindiff and POC for the IOMFB vulnerability, iOS 15.0.2*
    <https://saaramar.github.io/IOMFB_integer_overflow_poc/>

    "This attack surface is highly interesting because it's accessible from the
    app sandbox (so it's great for jailbreaks) and many other processes, making
    it a good candidate for LPEs exploits in chains (WebContent, etc.)."
    --
    *Nobody has more zero-day holes than does Apple*

    Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability
    <https://thehackernews.com/2021/10/apple-releases-urgent-iphone-and-ipad.html>

    CVE-2021-1782 (Kernel) - A malicious application may be able to elevate privileges
    CVE-2021-1870 (WebKit) - A remote attacker may be able to cause arbitrary code execution
    CVE-2021-1871 (WebKit) - A remote attacker may be able to cause arbitrary code execution
    CVE-2021-1879 (WebKit) - Processing maliciously crafted web content may lead to universal cross-site scripting
    CVE-2021-30657 (System Preferences) - A malicious application may bypass Gatekeeper checks
    CVE-2021-30661 (WebKit Storage) - Processing maliciously crafted web content may lead to arbitrary code execution
    CVE-2021-30663 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
    CVE-2021-30665 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
    CVE-2021-30666 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
    CVE-2021-30713 (TCC framework) - A malicious application may be able to bypass Privacy preferences
    CVE-2021-30761 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
    CVE-2021-30762 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
    CVE-2021-30807 (IOMobileFrameBuffer) - An application may be able to execute arbitrary code with kernel privileges
    CVE-2021-30858 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
    CVE-2021-30860 (CoreGraphics) - Processing a maliciously crafted PDF may lead to arbitrary code execution
    CVE-2021-30869 (XNU) - A malicious application may be able to execute arbitrary code with kernel privileges

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)