XPost: misc.phone.mobile.iphone, comp.sys.mac.apps
Jolly Roger <
jollyroger@pobox.com> asked
"Patching known vulnerabilities quickly is bad, y'all!"
Idiot trolls can GTFO...
What Steve and any sensible person is worried about is the sheer number of exploited zero-day holes in iOS - which is far larger than _any_ OS alive.
In terms of zero day holes exploited in the wild, *nobody is as bad as Apple*. Nobody.
*Apple has a whopping zero-day hole a month to its operating system*
(because Apple has _never_ even once fully tested any software it ships!)
But in the last 9-1/2 months, *Apple added 17 zero-day holes alone*!
That's a spectacularly sordid _two_ zero-day exploits every month, JR.
*Nobody has this many zero-day holes*, Jolly Roger.
Nobody.
Just Apple.
--
Project Zero proved Apple has never even once tested their released code! CVE-2021-1782 (Kernel) - A malicious application may be able to elevate privileges
CVE-2021-1870 (WebKit) - A remote attacker may be able to cause arbitrary code execution
CVE-2021-1871 (WebKit) - A remote attacker may be able to cause arbitrary code execution
CVE-2021-1879 (WebKit) - Processing maliciously crafted web content may lead to universal cross-site scripting
CVE-2021-30657 (System Preferences) - A malicious application may bypass Gatekeeper checks
CVE-2021-30661 (WebKit Storage) - Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2021-30663 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2021-30665 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2021-30666 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2021-30713 (TCC framework) - A malicious application may be able to bypass Privacy preferences
CVE-2021-30761 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2021-30762 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2021-30807 (IOMobileFrameBuffer) - An application may be able to execute arbitrary code with kernel privileges
CVE-2021-30858 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2021-30860 (CoreGraphics) - Processing a maliciously crafted PDF may lead to arbitrary code execution
CVE-2021-30869 (XNU) - A malicious application may be able to execute arbitrary code with kernel privileges
CVE-2021-30883 (WebContent) - A memory corruption in the app sandbox making for good LPE exploits in chains
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)