Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

6 May, 2024: The networking issue during the past two days has been identified and appears to be fixed. Will keep monitoring.

computers / comp.sys.mac.system / Re: Incompetent Apple Safari QA shipped the SAME exploited severe bug three times over the past 5 years

SubjectAuthor
* Incompetent Apple Safari QA shipped the SAME exploited severe bug three times ovAndy Burnelli
`* Re: Incompetent Apple Safari QA shipped the SAME exploited severe bugAlan
 `* Re: Incompetent Apple Safari QA shipped the SAME exploited severe bug three timeJerry
  `* Re: Incompetent Apple Safari QA shipped the SAME exploited severe bugAlan
   `- Re: Incompetent Apple Safari QA shipped the SAME exploited severe bug three timeJerry

1
Incompetent Apple Safari QA shipped the SAME exploited severe bug three times over the past 5 years

<taa2u4$rgt$1@gioia.aioe.org>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=14494&group=comp.sys.mac.system#14494

  copy link   Newsgroups: misc.phone.mobile.iphone comp.sys.mac.system
Path: i2pn2.org!i2pn.org!aioe.org!YJ9T4Jrl0F+pWyDRfaeX/g.user.46.165.242.75.POSTED!not-for-mail
From: spa...@nospam.com (Andy Burnelli)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system
Subject: Incompetent Apple Safari QA shipped the SAME exploited severe bug three times over the past 5 years
Date: Fri, 8 Jul 2022 21:10:08 +0100
Organization: Aioe.org NNTP Server
Message-ID: <taa2u4$rgt$1@gioia.aioe.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Info: gioia.aioe.org; logging-data="28189"; posting-host="YJ9T4Jrl0F+pWyDRfaeX/g.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-GB
X-Notice: Filtered by postfilter v. 0.9.2
 by: Andy Burnelli - Fri, 8 Jul 2022 20:10 UTC

The Apple QA team is so incompetent that they don't know the first thing
about testing, which is that when you find and fix a bug, you put processes
in place so that the same bug doesn't come back to bite you again.

They shipped the bug in 2013 (Safari, iOS, iPadOS, and macOS).
And then again in 2016 (Safari, iOS, iPadOS, and macOS).
And yet again in 2022 (Safari, iOS, iPadOS, and macOS).

Holy Christ. This is clear evidence of gross incompetence of Apple QA!

Each time Apple shipped the _same_ bug, it was exploited in the wild.
*That's how grossly incompetent Apple QA truly is*

*Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild*
<https://thehackernews.com/2022/06/google-researchers-detail-5-year-old.html>
--
If Apple spent just some of their huge marketing budget in QA R&D, Apple
wouldn't be such incompetent software coders who ship the same bug 3 times.

Re: Incompetent Apple Safari QA shipped the SAME exploited severe bug three times over the past 5 years

<taa7me$qi26$2@dont-email.me>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=14496&group=comp.sys.mac.system#14496

  copy link   Newsgroups: misc.phone.mobile.iphone comp.sys.mac.system
Path: i2pn2.org!i2pn.org!aioe.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: nuh...@nope.com (Alan)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system
Subject: Re: Incompetent Apple Safari QA shipped the SAME exploited severe bug
three times over the past 5 years
Date: Fri, 8 Jul 2022 14:30:54 -0700
Organization: A noiseless patient Spider
Lines: 32
Message-ID: <taa7me$qi26$2@dont-email.me>
References: <taa2u4$rgt$1@gioia.aioe.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 8 Jul 2022 21:30:55 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="d15616179789fcdc07483540381c3bff";
logging-data="870470"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/DpJNt2Lgp4O88FsPJvyKZVDoK2TlxuO4="
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0)
Gecko/20100101 Thunderbird/91.11.0
Cancel-Lock: sha1:lDX3HDIF98emSSEx+XOnxtoybf4=
In-Reply-To: <taa2u4$rgt$1@gioia.aioe.org>
Content-Language: en-CA
 by: Alan - Fri, 8 Jul 2022 21:30 UTC

On 2022-07-08 13:10, Andy Burnelli wrote:
> The Apple QA team is so incompetent that they don't know the first thing
> about testing, which is that when you find and fix a bug, you put processes
> in place so that the same bug doesn't come back to bite you again.
>
> They shipped the bug in 2013 (Safari, iOS, iPadOS, and macOS).
> And then again in 2016 (Safari, iOS, iPadOS, and macOS).
> And yet again in 2022 (Safari, iOS, iPadOS, and macOS).
>
> Holy Christ. This is clear evidence of gross incompetence of Apple QA!
>
> Each time Apple shipped the _same_ bug, it was exploited in the wild.
>  *That's how grossly incompetent Apple QA truly is*
>
> *Google Researchers Detail 5-Year-Old Apple Safari Vulnerability
> Exploited in the Wild*
> <https://thehackernews.com/2022/06/google-researchers-detail-5-year-old.html>
>

Wow. You don't even know how to read:

'"In this case, the variant was completely patched when the
vulnerability was initially reported in 2013," Maddie Stone of Google
Project Zero said. "However, the variant was reintroduced three years
later during large refactoring efforts. The vulnerability then continued
to exist for 5 years until it was fixed as an in-the-wild zero-day in
January 2022."'

So 2013, 2016...

....and no "again in 2022".

Re: Incompetent Apple Safari QA shipped the SAME exploited severe bug three times over the past 5 years

<taae9i$vg6$1@gioia.aioe.org>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=14497&group=comp.sys.mac.system#14497

  copy link   Newsgroups: misc.phone.mobile.iphone comp.sys.mac.system
Path: i2pn2.org!i2pn.org!aioe.org!NYYQGrmrmlGIRXYQ2hUdEw.user.46.165.242.75.POSTED!not-for-mail
From: Jer...@JerryThinks.com (Jerry)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system
Subject: Re: Incompetent Apple Safari QA shipped the SAME exploited severe bug three times over the past 5 years
Date: Fri, 8 Jul 2022 16:23:58 -0700
Organization: Aioe.org NNTP Server
Message-ID: <taae9i$vg6$1@gioia.aioe.org>
References: <taa2u4$rgt$1@gioia.aioe.org> <taa7me$qi26$2@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Info: gioia.aioe.org; logging-data="32262"; posting-host="NYYQGrmrmlGIRXYQ2hUdEw.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.5
X-Notice: Filtered by postfilter v. 0.9.2
 by: Jerry - Fri, 8 Jul 2022 23:23 UTC

On Fri, 8 Jul 2022 14:30:54 -0700, Alan wrote:

> So 2013, 2016...
>
> ...and no "again in 2022".

Even worse then as that means it existed, was fixed, & then it was
reintroduced & exploited in the wild undetected by Apple for five years.

Re: Incompetent Apple Safari QA shipped the SAME exploited severe bug three times over the past 5 years

<tacm90$14gun$5@dont-email.me>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=14500&group=comp.sys.mac.system#14500

  copy link   Newsgroups: misc.phone.mobile.iphone comp.sys.mac.system
Path: i2pn2.org!i2pn.org!aioe.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: nuh...@nope.com (Alan)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system
Subject: Re: Incompetent Apple Safari QA shipped the SAME exploited severe bug
three times over the past 5 years
Date: Sat, 9 Jul 2022 12:51:59 -0700
Organization: A noiseless patient Spider
Lines: 11
Message-ID: <tacm90$14gun$5@dont-email.me>
References: <taa2u4$rgt$1@gioia.aioe.org> <taa7me$qi26$2@dont-email.me>
<taae9i$vg6$1@gioia.aioe.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 9 Jul 2022 19:52:00 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="9654ffb6f08bb37c7281d9b2588a9836";
logging-data="1197015"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+h2s4L3xyTO0OhE12JEXZsjk3sdrvPxwY="
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0)
Gecko/20100101 Thunderbird/91.11.0
Cancel-Lock: sha1:unPcl3hjTtZlFsiYClyLYsXxExI=
In-Reply-To: <taae9i$vg6$1@gioia.aioe.org>
Content-Language: en-CA
 by: Alan - Sat, 9 Jul 2022 19:51 UTC

On 2022-07-08 16:23, Jerry wrote:
> On Fri, 8 Jul 2022 14:30:54 -0700, Alan wrote:
>
>> So 2013, 2016...
>>
>> ...and no "again in 2022".
>
> Even worse then as that means it existed, was fixed, & then it was
> reintroduced & exploited in the wild undetected by Apple for five years.

Or was utterly undetected in the wild as well...

Re: Incompetent Apple Safari QA shipped the SAME exploited severe bug three times over the past 5 years

<tactad$1un3$1@gioia.aioe.org>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=14502&group=comp.sys.mac.system#14502

  copy link   Newsgroups: misc.phone.mobile.iphone comp.sys.mac.system
Path: i2pn2.org!i2pn.org!aioe.org!REtAK2mXiPXg9gCemUmZDw.user.46.165.242.75.POSTED!not-for-mail
From: Jer...@JerryThinks.com (Jerry)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system
Subject: Re: Incompetent Apple Safari QA shipped the SAME exploited severe bug three times over the past 5 years
Date: Sat, 9 Jul 2022 14:52:41 -0700
Organization: Aioe.org NNTP Server
Message-ID: <tactad$1un3$1@gioia.aioe.org>
References: <taa2u4$rgt$1@gioia.aioe.org> <taa7me$qi26$2@dont-email.me> <taae9i$vg6$1@gioia.aioe.org> <tacm90$14gun$5@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Info: gioia.aioe.org; logging-data="64227"; posting-host="REtAK2mXiPXg9gCemUmZDw.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.5
X-Notice: Filtered by postfilter v. 0.9.2
 by: Jerry - Sat, 9 Jul 2022 21:52 UTC

On Sat, 9 Jul 2022 12:51:59 -0700, Alan wrote:

> On 2022-07-08 16:23, Jerry wrote:
>> On Fri, 8 Jul 2022 14:30:54 -0700, Alan wrote:
>>
>>> So 2013, 2016...
>>>
>>> ...and no "again in 2022".
>>
>> Even worse then as that means it existed, was fixed, & then it was
>> reintroduced & exploited in the wild undetected by Apple for five years.
>
> Or was utterly undetected in the wild as well...

The bug was definitely exploited in the wild but that's not the bad part.

What's worse is Apple re-introduced the same error twice and then never
noticed it for five years until someone else had to tell Apple about it.

That says a lot about how bad Apple is in their lack of testing processes.

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor