[HN Gopher] Apple releases macOS 12.5.1, iOS 15.6.1, patches for...
___________________________________________________________________
Apple releases macOS 12.5.1, iOS 15.6.1, patches for two zero-day
vulerabilities
Author : nateb2022
Score : 78 points
Date : 2022-08-17 19:51 UTC (3 hours ago)
(HTM) web link (support.apple.com)
(TXT) w3m dump (support.apple.com)
| samtheprogram wrote:
| Interesting there's no release for other "supported" versions of
| macOS. Seems this just affects Monterrey and the associated
| versions of iOS?
| Klonoar wrote:
| Came here to ask - there's really no patch for Big Sur?
| radicaldreamer wrote:
| They might still be working on it
| gumby wrote:
| Or the vulnerability might apply only to a more modern
| feature.
| roog wrote:
| nojito wrote:
| What? This isn't true at all.
|
| Many people just prefer to do their work anonymously.
|
| https://support.apple.com/en-us/HT213346
|
| Here's a neural engine bug where one researcher was anonymous
| and the other wasn't.
| chrisseaton wrote:
| > That's the hallmark of a nation state that has previously
| been exploiting these, but since decided - for whatever reason
| - that the vulns have become too risky to leave undisclosed to
| the vendor.
|
| I think it just means the person doesn't want to be named.
| smiddereens wrote:
| panny wrote:
| Why isn't there basic information available on this cve? What
| version range is affected? What applications or system utilities
| are affected? Is it remotely exploitable or local only? Does it
| require elevated privileges?
|
| This is the level of support you get from a trillion dollar
| company?
| pinewurst wrote:
| How much support do you get from Google on Android issues? Or
| any issue? Or anything, really?
| olyjohn wrote:
| This thread isn't about Google or Android. So stop with the
| what about this and that crap.
|
| What they do doesn't excuse Apple anyways.
| yborg wrote:
| Wow, what was that...? Rebooted my Intel Mini like 4 times and
| took a good 20 minutes to apply a point release.
| anonymouse008 wrote:
| Does anyone have an idea as to what programs were actively
| exploiting? I'd rather apple tell us directly to know if we are
| affected
| egypturnash wrote:
| Link is to the macOS patch notes, https://support.apple.com/en-
| us/HT213412 is the patch notes for iOS if anyone's curious. The
| only difference is "available for a bunch of iThings" instead of
| "available for Monterey", the CVEs are the same.
| dieulot wrote:
| > WebKit Bugzilla: 243557
|
| https://bugs.webkit.org/show_bug.cgi?id=243557 (leading to
| https://github.com/WebKit/WebKit/commit/1ed1e4a336e15a59b94a...)
|
| Shouldn't this issue have been made inaccessible in order to
| mitigate exploitation?
| cjbprime wrote:
| The bug doesn't seem to describe the vulnerability at all,
| though?
| dandongus wrote:
| Not sure why people flagged you for this. It's very common for
| open source projects to make the details of security-related
| bugs private. One example is Firefox, nearly every security
| update references one or more bug tickets that the public
| doesn't have permission to view.
|
| I wonder if Apple listed the wrong webkit bug number, it almost
| looks like it.
| tposx wrote:
| Looks like the vulnerability was something to do with
| incorrect JIT optimisations on Maps and Sets, if the included
| tests are any indication.
| Syonyk wrote:
| I haven't seen a good answer to the question, "Does Lockdown on
| iOS 16 prevent whatever this exploited?"
|
| In any case, there was a Chrome 0day recently patched too, an
| Element Desktop RCE... so... Qubes is looking less and less like
| "A good idea" and more and more like "The only way to safely use
| web browsers." :( Disposable browsing VMs should keep the nasties
| away.
| antegamisou wrote:
| > Qubes is looking less and less like "A good idea" and more
| and more like "The only way to safely use web browsers."
|
| That is until someone comes up with a debilitating Xen 0-day
| Syonyk wrote:
| > _That is until someone comes up with a debilitating Xen
| 0-day_
|
| But you're adding layers.
|
| A Xen 0day, alone, isn't useful. You have to be able to
| deliver it, which probably implies local root.
|
| To get something useful out of a user's home directory on a
| typical OS install, you pop the browser, do what you want.
|
| To get something useful out of a user in Qubes, assuming
| they're using an untrusted browsing VM, you have to pop the
| browser, then get local root, _then_ deploy your Xen
| exploit... and then maybe do something useful.
|
| There's also the standard malware anti-RE-sandbox techniques
| used. Show up in a clean profile on a hypervisor? _Maaaaaybe_
| not a good idea to be evil. Lots of stuff will refuse to
| actuate in something that looks like a malware RE sandbox,
| and a disposable Qubes VM certainly would look like that.
|
| I won't claim it's impossible, but I will claim that doing a
| cross-Qube hop through Xen is a lot harder than just one
| exploit and get the goodies.
___________________________________________________________________
(page generated 2022-08-17 23:00 UTC)