Rocksolid Light

News from da outaworlds

mail  files  register  groups  login

Message-ID:  

BOFH excuse #329: Server depressed, needs Prozac

comp / comp.mobile.ipad / Re: Yet again, Apple forgot to sufficiently test desktop & iOS versions

SubjectAuthor
* Yet again, Apple forgot to sufficiently test desktop & iOS versionsAndrew
`* Re: Yet again, Apple forgot to sufficiently test desktop & iOS versionsJolly Roger
 `* Re: Yet again, Apple forgot to sufficiently test desktop & iOS versionsJörg Lorenz
  `* Re: Yet again, Apple forgot to sufficiently test desktop & iOS versionsJolly Roger
   `- Re: Yet again, Apple forgot to sufficiently test desktop & iOS versionsAndrew

1
Subject: Yet again, Apple forgot to sufficiently test desktop & iOS versions
From: Andrew
Newsgroups: misc.phone.mobile.iphone, comp.sys.mac.system, comp.mobile.ipad
Organization: BWH Usenet Archive (https://usenet.blueworldhosting.com)
Date: Wed, 15 May 2024 01:35 UTC
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!nnrp.usenet.blueworldhosting.com!.POSTED!not-for-mail
From: andrew@spam.net (Andrew)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,comp.mobile.ipad
Subject: Yet again, Apple forgot to sufficiently test desktop & iOS versions
Date: Wed, 15 May 2024 01:35:05 -0000 (UTC)
Organization: BWH Usenet Archive (https://usenet.blueworldhosting.com)
Message-ID: <v213g8$oi4$1@nnrp.usenet.blueworldhosting.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 15 May 2024 01:35:05 -0000 (UTC)
Injection-Info: nnrp.usenet.blueworldhosting.com;
logging-data="25156"; mail-complaints-to="usenet@blueworldhosting.com"
Cancel-Lock: sha1:QNxgzkKTK/EZ+GJvEyPuuwz38yM= sha256:Gm97k67nAfeXylK2MsSvgNoiZ5AbRH303nMeDxuW3vE=
sha1:ezqXmNkyYBrAcZEWx9/Nzx0aucQ= sha256:jFQJbNQu34F+toF6utEPSNThBPt/b8mWUT/BKDnJCLY=
X-Newsreader: Mod.PiaoHong.Usenet.Client:2.02.M16
View all headers

Yet again, Apple forgot to sufficiently test desktop & iOS versions.
https://www.securityweek.com/apple-patch-day-code-execution-flaws-in-iphones-ipads-macos/

Apple on Monday rolled out urgent security-themed updates to its flagship
mobile and desktop operating systems and warned that hackers have already
exploited a new iOS vulnerability in the wild.

For the umpteenth time, Cupertino's security response team documented at
least 16 new vulnerabilities on iPhones and iPads that apple forgot to test
for.

Apple called special attention to CVE-2024-23296, a memory corruption bug
in RTKit that had been exploited prior to the availability of patches.

Apple RTKit is a real-time embedded OS that runs on almost all Apple
devices and has been targeted in the past with exploits that bypass kernel
memory protections. Apple still has not fully tested it, as usual.

Even though Apple only fully updates iOS 17, Apple said the severe bug was
long ago already exploited on older iOS versions and shipped iOS 16.7.8 and
iPadOS 16.7.8 with fixes. A patch has also been included in the latest
macOS Ventura update.

Separately, Apple documented 14 new security defects in the newest iOS
versions du to Apple's lack of sufficient testing and warned that some of
these issues expose mobile users to code execution, data and privacy
exposures, and system crashes.

The company also shipped security patches for all its desktop OSes - macOS
Sonoma, macOS Ventura, and macOS Monterey - and warned that these flaws
enable arbitrary code execution, privilege elevation and unauthorized data
access.

This puts proof to the mantra that to own an Apple device is to already be
hacked, where the number of exploits is ten times that of other OS's.
<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>

Subject: Re: Yet again, Apple forgot to sufficiently test desktop & iOS versions
From: Jolly Roger
Newsgroups: misc.phone.mobile.iphone, comp.sys.mac.system, comp.mobile.ipad
Organization: People for the Ethical Treatment of Pirates
Date: Wed, 15 May 2024 03:01 UTC
References: 1
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!news.building-m.net!news.quux.org!news.szaf.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: jollyroger@pobox.com (Jolly Roger)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,comp.mobile.ipad
Subject: Re: Yet again, Apple forgot to sufficiently test desktop & iOS
versions
Date: 15 May 2024 03:01:31 GMT
Organization: People for the Ethical Treatment of Pirates
Lines: 41
Message-ID: <laimsbFmkmhU5@mid.individual.net>
References: <v213g8$oi4$1@nnrp.usenet.blueworldhosting.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Trace: individual.net A7ga/QoXFIh/DmadlqZNqQtuuBFqH7C+qNsipgGMLELYfbSzzP
Cancel-Lock: sha1:ATOuyQ/UQbS8yRFlBU/GJm3clgg= sha256:UuASVtcAP9kCGlpqqGfHs/tveXT3OOgusruipzSnO2Y=
Mail-Copies-To: nobody
X-Face: _.g>n!a$f3/H3jA]>9pN55*5<`}Tud57>1<n@LQ!aZ7vLO_nWbK~@T'XIS0,oAJcU.qLM
dk/j8Udo?O"o9B9Jyx+ez2:B<nx(k3EdHnTvB]'eoVaR495,Rv~/vPa[e^JI+^h5Zk*i`Q;ezqDW<
ZFs6kmAJWZjOH\8[$$7jm,Ogw3C_%QM'|H6nygNGhhl+@}n30Nz(^vWo@h>Y%b|b-Y~()~\t,LZ3e
up1/bO{=-)
User-Agent: slrn/1.0.3 (Darwin)
View all headers

On 2024-05-15, Andrew <andrew@spam.net> wrote:
> Yet again, Apple forgot to sufficiently test desktop & iOS versions.

Samsung has just released an update for its flagship devices—this
includes two ‘critical’ security fixes, one of which is late and should
be installed urgently....

Samsung is on a roll, and its flagship Galaxy users are again being
given an early look at the new Android monthly security update almost as
soon as Google reveals details of the urgent fixes being released this
time around.

That said, it’s not all smooth running. One critical fix that Google
included in its April security release is only just being made available
by Samsung now—this Qualcomm modem issue could potentially lead to a
memory corruption issue during a secure comms “handshake,” and such
memory vulnerabilities open doors to exploitation.

The other critical fix for May impacts the phone’s change log process,
which could lead to “local escalation of privilege with no additional
execution privileges needed.”

Details—as ever—remain scarce for now, but Google says the critical tag
“is based on the effect that exploiting the vulnerability would possibly
have on an affected device.” Such an attack in isolation would require
“platform and service mitigations” to be off, but vulnerabilities can be
exploited as part of a more sophisticated chain attack.

Over the coming days, Galaxy users will see the updates made available
as per usual—dependent upon region and carrier. Samsung will focus on
its newest, priciest devices first, and then work down the list. Owners
of older, cheaper devices may already be on a quarterly schedule—or
worse. You can find details here:

<https://security.samsungmobile.com/workScope.smsb>

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Subject: Re: Yet again, Apple forgot to sufficiently test desktop & iOS versions
From: Jörg Lorenz
Newsgroups: misc.phone.mobile.iphone, comp.sys.mac.system, comp.mobile.ipad
Organization: Camembert Normand au Lait Cru
Date: Wed, 15 May 2024 05:42 UTC
References: 1 2
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: hugybear@gmx.net (Jörg Lorenz)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,comp.mobile.ipad
Subject: Re: Yet again, Apple forgot to sufficiently test desktop & iOS
versions
Date: Wed, 15 May 2024 07:42:26 +0200
Organization: Camembert Normand au Lait Cru
Lines: 13
Message-ID: <v21i02$msue$2@dont-email.me>
References: <v213g8$oi4$1@nnrp.usenet.blueworldhosting.com>
<laimsbFmkmhU5@mid.individual.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 15 May 2024 07:42:26 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="de4e7d462515f7db9c2f02ce29051453";
logging-data="750542"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+eNFFe9BExiLtdVGqJqTSKPibd7zPp7h8="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101
Betterbird/115.10.0
Cancel-Lock: sha1:H8FaNM88a/gay1YPrZ54OifPXww=
In-Reply-To: <laimsbFmkmhU5@mid.individual.net>
Content-Language: de-CH, en-GB
View all headers

On 15.05.24 05:01, Jolly Roger wrote:
> On 2024-05-15, Andrew <andrew@spam.net> wrote:
>> Yet again, Apple forgot to sufficiently test desktop & iOS versions.
>
> Samsung has just released an update for its flagship devices—this
> includes two ‘critical’ security fixes, one of which is late and should
> be installed urgently....

Do you think you will ever learn to keep your fingers still to avoid
feeding this Troll?

--
"Alea iacta est." (Julius Caesar)

Subject: Re: Yet again, Apple forgot to sufficiently test desktop & iOS versions
From: Jolly Roger
Newsgroups: misc.phone.mobile.iphone, comp.sys.mac.system, comp.mobile.ipad
Organization: People for the Ethical Treatment of Pirates
Date: Wed, 15 May 2024 14:59 UTC
References: 1 2 3
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: jollyroger@pobox.com (Jolly Roger)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,comp.mobile.ipad
Subject: Re: Yet again, Apple forgot to sufficiently test desktop & iOS
versions
Date: 15 May 2024 14:59:25 GMT
Organization: People for the Ethical Treatment of Pirates
Lines: 20
Message-ID: <lak0udFsppbU2@mid.individual.net>
References: <v213g8$oi4$1@nnrp.usenet.blueworldhosting.com>
<laimsbFmkmhU5@mid.individual.net> <v21i02$msue$2@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Trace: individual.net BbXtC7iV5NqmpkK9lxegHwVVKBrpRe9gW1ybxrg1MCmeCrGGUw
Cancel-Lock: sha1:r02qaFzBQovHlFtYA6bo9FM57vU= sha256:0gwQMw5XHblBVVOFoXi5eazjYJtc8XNdvvcAQmBi+Bc=
Mail-Copies-To: nobody
X-Face: _.g>n!a$f3/H3jA]>9pN55*5<`}Tud57>1<n@LQ!aZ7vLO_nWbK~@T'XIS0,oAJcU.qLM
dk/j8Udo?O"o9B9Jyx+ez2:B<nx(k3EdHnTvB]'eoVaR495,Rv~/vPa[e^JI+^h5Zk*i`Q;ezqDW<
ZFs6kmAJWZjOH\8[$$7jm,Ogw3C_%QM'|H6nygNGhhl+@}n30Nz(^vWo@h>Y%b|b-Y~()~\t,LZ3e
up1/bO{=-)
User-Agent: slrn/1.0.3 (Darwin)
View all headers

On 2024-05-15, Jörg Lorenz <hugybear@gmx.net> wrote:
> On 15.05.24 05:01, Jolly Roger wrote:
>> On 2024-05-15, Andrew <andrew@spam.net> wrote:
>>> Yet again, Apple forgot to sufficiently test desktop & iOS versions.
>>
>> Samsung has just released an update for its flagship devices—this
>> includes two ‘critical’ security fixes, one of which is late and
>> should be installed urgently....
>
> Do you think you will ever learn to keep your fingers still to avoid
> feeding this Troll?

Do you think you will ever stop contributing to these threads? You seem
to have a big problem with it yourself.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Subject: Re: Yet again, Apple forgot to sufficiently test desktop & iOS versions
From: Andrew
Newsgroups: misc.phone.mobile.iphone, comp.sys.mac.system, comp.mobile.ipad
Organization: BWH Usenet Archive (https://usenet.blueworldhosting.com)
Date: Wed, 15 May 2024 19:04 UTC
References: 1 2 3 4
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!panix!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!nnrp.usenet.blueworldhosting.com!.POSTED!not-for-mail
From: andrew@spam.net (Andrew)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,comp.mobile.ipad
Subject: Re: Yet again, Apple forgot to sufficiently test desktop & iOS versions
Date: Wed, 15 May 2024 19:04:48 -0000 (UTC)
Organization: BWH Usenet Archive (https://usenet.blueworldhosting.com)
Message-ID: <v2310f$2khe$1@nnrp.usenet.blueworldhosting.com>
References: <v213g8$oi4$1@nnrp.usenet.blueworldhosting.com> <laimsbFmkmhU5@mid.individual.net> <v21i02$msue$2@dont-email.me> <lak0udFsppbU2@mid.individual.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 15 May 2024 19:04:48 -0000 (UTC)
Injection-Info: nnrp.usenet.blueworldhosting.com;
logging-data="86574"; mail-complaints-to="usenet@blueworldhosting.com"
Cancel-Lock: sha1:ROrtW30mYYCFR1+YcixTJBI0PUw= sha256:219jJZkeVvC4eA8dV+YfXJ+E2UhgbCstsoT2/LDIsFY=
sha1:U5DMNKDUcoB+zrk1/N+x2t9PgXg= sha256:PtnFLGyBE6hfrKRNuRzbiHbsjNO99KBCPeizTVS9lIg=
X-Newsreader: Mod.PiaoHong.Usenet.Client:2.02.M16
View all headers

Bear in mind I stated a fact that was relevant to the subject line,
and which was temporal and which affected those in the newsgroup line.

You're welcome to filter me out but if you do, you lose those facts.

Jolly Roger and Joerg Lorenz only provided negative value in noise.
a. Joerg I don't see but he's nothing but a jughead of no value.
b. Jolly Roger is using classic whataboutism to deflect from the subject
<https://en.wikipedia.org/wiki/Whataboutism>
"Whataboutism or whataboutery (as in "what about...?") is a
pejorative for the strategy of responding to an accusation
with a counter-accusation instead of a defense of the
original accusation. From a logical and argumentative point
of view, whataboutism is considered a variant of the tu-quoque
pattern (Latin 'you too', term for a counter-accusation),
which is a subtype of the ad-hominem argument.
The communication intent is often to distract from the content
of a topic (red herring). "

What Jolly Roger is trying to do is distract the topic away from
the fact that the data was correct about the Apple zero-day holes.

Jolly Roger used his classic ad hominem attack to deflect from that.

It's classic because Jolly Roger has no defense to the facts.
And Joerg... well... everyone has him filtered out already, don't they?

1

rocksolid light 0.9.8
clearnet tor