Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

"Send lawyers, guns and money..." -- Lyrics from a Warren Zevon song


computers / comp.sys.mac.system / Apple on track to meet or break its 2021 tally of 12 zero day bugs

SubjectAuthor
o Apple on track to meet or break its 2021 tally of 12 zero day bugsNewsKrawler

1
Apple on track to meet or break its 2021 tally of 12 zero day bugs

<t28iu9$35tum$1@paganini.bofh.team>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=14198&group=comp.sys.mac.system#14198

 copy link   Newsgroups: comp.sys.mac.system
Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: newskr...@krawl.org (NewsKrawler)
Newsgroups: comp.sys.mac.system
Subject: Apple on track to meet or break its 2021 tally of 12 zero day bugs
Date: Sat, 2 Apr 2022 04:20:26 -0000 (UTC)
Organization: To protect and to server
Message-ID: <t28iu9$35tum$1@paganini.bofh.team>
Injection-Date: Sat, 2 Apr 2022 04:20:26 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="3340246"; posting-host="b7PQHhReiTPlEwMRLHb4OQ.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team";
X-Notice: Filtered by postfilter v. 0.9.1
 by: NewsKrawler - Sat, 2 Apr 2022 04:20 UTC

https://arstechnica.com/information-technology/2022/03/apple-rushes-out-patches-for-two-zero-days-threatening-ios-and-macos-users/
It's raining down Apple zero-days.

With 5 zero-days this year, Apple is on track to meet or break its 2021
tally of 12 zero day bugs.

Apple rushes out patches for two 0-days threatening iOS and macOS users=

CVE-2022-22674 and CVE-2022-22675 are the fourth and fifth zero-days Apple
has patched this year.

In January, the company rushed out patches for iOS, iPadOS, macOS Monterey,
watchOS, tvOS, and HomePod Software to fix a zero-day memory corruption flaw
that could give exploiters the ability to execute code with kernel
privileges.

The bug, tracked as CVE-2022-22587, resided in the IOMobileFrameBuffer.

A separate vulnerability, CVE-2022-22594, made it possible for websites to
track sensitive user information. The exploit code for that vulnerability
was released publicly prior to the patch being issued.

Apple in February pushed out a fix for a use after free bug in the Webkit
browser engine that gave attackers the ability to run malicious code on
iPhones, iPads, and iPod Touches. Apple said that reports it received
indicated the vulnerability-CVE-2022-22620 was likely actively exploited.

A spreadsheet Google security researchers maintain to track zero-days shows
Apple fixed a total of 12 such vulnerabilities in 2021.

Among those was a flaw in iMessage that the Pegasus spyware framework was
targeting using a zero-click exploit, meaning devices were infected merely
by receiving a malicious message, without any user action required.

Two zero-days that Apple patched in May made it possible for attackers to
infect fully up-to-date devices.

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor