• Yet again, Apple forgot to sufficiently test desktop & iOS versions

    From Andrew@21:1/5 to All on Wed May 15 01:35:05 2024
    XPost: misc.phone.mobile.iphone, comp.sys.mac.system

    Yet again, Apple forgot to sufficiently test desktop & iOS versions. https://www.securityweek.com/apple-patch-day-code-execution-flaws-in-iphones-ipads-macos/

    Apple on Monday rolled out urgent security-themed updates to its flagship mobile and desktop operating systems and warned that hackers have already exploited a new iOS vulnerability in the wild.

    For the umpteenth time, Cupertino's security response team documented at
    least 16 new vulnerabilities on iPhones and iPads that Apple forgot to test for.

    Apple called special attention to CVE-2024-23296, a memory corruption bug
    in RTKit that had been exploited prior to the availability of patches.

    Apple RTKit is a real-time embedded OS that runs on almost all Apple
    devices and has been targeted in the past with exploits that bypass kernel memory protections. Apple still has not fully tested it, as usual.

    Even though Apple only fully updates iOS 17, Apple said the severe bug was
    long ago already exploited on older iOS versions and shipped iOS 16.7.8 and iPadOS 16.7.8 with fixes. A patch has also been included in the latest
    macOS Ventura update.

    Separately, Apple documented 14 new security defects in the newest iOS
    versions due to Apple's lack of sufficient testing and warned that some of
    these issues expose mobile users to code execution, data and privacy
    exposures, and system crashes.

    The company also shipped security patches for all its desktop OSes - macOS Sonoma, macOS Ventura, and macOS Monterey - and warned that these flaws
    enable arbitrary code execution, privilege elevation and unauthorized data access.

    This puts proof to the mantra that to own an Apple device is to already be hacked, where the number of exploits is ten times that of other OS's.
    <https://www.cisa.gov/known-exploited-vulnerabilities-catalog>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jolly Roger@21:1/5 to Andrew on Wed May 15 03:01:31 2024
    XPost: misc.phone.mobile.iphone, comp.sys.mac.system

    On 2024-05-15, Andrew <andrew@spam.net> wrote:
    > Yet again, Apple forgot to sufficiently test desktop & iOS versions.

    Samsung has just released an update for its flagship devices—this
    includes two ‘critical’ security fixes, one of which is late and should
    be installed urgently....

    Samsung is on a roll, and its flagship Galaxy users are again being
    given an early look at the new Android monthly security update almost as
    soon as Google reveals details of the urgent fixes being released this
    time around.

    That said, it’s not all smooth running. One critical fix that Google
    included in its April security release is only just being made available
    by Samsung now—this Qualcomm modem issue could potentially lead to a
    memory corruption issue during a secure comms “handshake,” and such
    memory vulnerabilities open doors to exploitation.

    The other critical fix for May impacts the phone’s change log process,
    which could lead to “local escalation of privilege with no additional execution privileges needed.”

    Details—as ever—remain scarce for now, but Google says the critical tag “is based on the effect that exploiting the vulnerability would possibly
    have on an affected device.” Such an attack in isolation would require “platform and service mitigations” to be off, but vulnerabilities can be exploited as part of a more sophisticated chain attack.

    Over the coming days, Galaxy users will see the updates made available
    as per usual—dependent upon region and carrier. Samsung will focus on
    its newest, priciest devices first, and then work down the list. Owners
    of older, cheaper devices may already be on a quarterly schedule—or
    worse. You can find details here:

    <https://security.samsungmobile.com/workScope.smsb>

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR

  • From Jörg Lorenz@21:1/5 to Jolly Roger on Wed May 15 07:42:26 2024
    XPost: misc.phone.mobile.iphone, comp.sys.mac.system

    On 15.05.24 05:01, Jolly Roger wrote:
    > On 2024-05-15, Andrew <andrew@spam.net> wrote:
    >> Yet again, Apple forgot to sufficiently test desktop & iOS versions.

    > Samsung has just released an update for its flagship devices—this
    > includes two ‘critical’ security fixes, one of which is late and should be installed urgently....

    Do you think you will ever learn to keep your fingers still to avoid
    feeding this Troll?

    --
    "Alea iacta est." (Julius Caesar)

  • From Jolly Roger@21:1/5 to hugybear@gmx.net on Wed May 15 14:59:25 2024
    XPost: misc.phone.mobile.iphone, comp.sys.mac.system

    On 2024-05-15, Jörg Lorenz <hugybear@gmx.net> wrote:
    > On 15.05.24 05:01, Jolly Roger wrote:
    >> On 2024-05-15, Andrew <andrew@spam.net> wrote:
    >>> Yet again, Apple forgot to sufficiently test desktop & iOS versions.

    >> Samsung has just released an update for its flagship devices—this
    >> includes two ‘critical’ security fixes, one of which is late and
    >> should be installed urgently....

    > Do you think you will ever learn to keep your fingers still to avoid
    > feeding this Troll?

    Do you think you will ever stop contributing to these threads? You seem
    to have a big problem with it yourself.

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR

  • From Andrew@21:1/5 to All on Wed May 15 19:04:48 2024
    XPost: misc.phone.mobile.iphone, comp.sys.mac.system

    Bear in mind I stated a fact that was relevant to the subject line,
    and which was temporal and which affected those in the newsgroup line.

    You're welcome to filter me out but if you do, you lose those facts.

    Jolly Roger and Joerg Lorenz only provided negative value in noise.
    a. Joerg I don't see but he's nothing but a jughead of no value.
    b. Jolly Roger is using classic whataboutism to deflect from the subject
    <https://en.wikipedia.org/wiki/Whataboutism>
    "Whataboutism or whataboutery (as in "what about...?") is a
    pejorative for the strategy of responding to an accusation
    with a counter-accusation instead of a defense of the
    original accusation. From a logical and argumentative point
    of view, whataboutism is considered a variant of the tu-quoque
    pattern (Latin 'you too', term for a counter-accusation),
    which is a subtype of the ad-hominem argument.
    The communication intent is often to distract from the content
    of a topic (red herring)."

    What Jolly Roger is trying to do is distract the topic away from
    the fact that the data was correct about the Apple zero-day holes.

    Jolly Roger used his classic ad hominem attack to deflect from that.

    It's classic because Jolly Roger has no defense to the facts.
    And Joerg... well... everyone has him filtered out already, don't they?
