Ant <ant@zimage.comANT> wrote
> https://support.apple.com/en-us/HT213823

What's good about the RSR is that it's brand new to Apple operating systems
(even though it's what Android has been doing since around Android 10).

It allows Apple to finally update a security hole in iOS 16 (only!) without
having to spend months of wasted time letting the hackers exploit the hole.

As a result of this new-to-Apple RSR capability (which every other
operating system already used, except iOS), iOS should go from being ten
times more exploited than Android - over time - to just two or three times.

The reason iOS will never be anywhere near as secure as Android is webkit.
WebKit is a fundamental component of the highly insecure walled garden.

https://support.apple.com/en-us/HT213823
iOS 16.5.1 (a) and iPadOS 16.5.1 (a) due to severe flaws in Apple WebKit.
Released July 10, 2023 only for iOS 16.5.1 and iPadOS 16.5.1

Impact: Processing web content may lead to arbitrary code execution.
(For those who don't know - this means every iPhone is fucked.)

Apple is aware this issue may have been actively exploited.
(For those who don't know - this means it's long ago already exploited.)

Description: The issue was addressed with improved checks.
(For those who don't know - this means Apple's coding skills suck.)

CVE-2023-37450: an anonymous researcher
(For those who don't know - this means Apple never finds iOS bugs.)

If you're on any other operating system other than iOS 16, you're fucked.
The only operating system less secure than Apple's OS's are Micsrosofts.

Specifically, *Android is _ten times LESS EXPLOITED_ than iOS* is.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog

On Jul 10, 2023 at 1:32:56 PM PDT, "Wally J" <walterjones@invalid.nospam>
wrote:

> Ant <ant@zimage.comANT> wrote
>> https://support.apple.com/en-us/HT213823
>
> What's good about the RSR is that it's brand new to Apple operating systems
> (even though it's what Android has been doing since around Android 10).
>
> It allows Apple to finally update a security hole in iOS 16 (only!) without
> having to spend months of wasted time letting the hackers exploit the hole.
>
> As a result of this new-to-Apple RSR capability (which every other
> operating system already used, except iOS), iOS should go from being ten
> times more exploited than Android - over time - to just two or three times.
>
> The reason iOS will never be anywhere near as secure as Android is webkit.
> WebKit is a fundamental component of the highly insecure walled garden.
>
> https://support.apple.com/en-us/HT213823
> iOS 16.5.1 (a) and iPadOS 16.5.1 (a) due to severe flaws in Apple WebKit.
> Released July 10, 2023 only for iOS 16.5.1 and iPadOS 16.5.1
>
> Impact: Processing web content may lead to arbitrary code execution.
> (For those who don't know - this means every iPhone is fucked.)
>
> Apple is aware this issue may have been actively exploited.
> (For those who don't know - this means it's long ago already exploited.)
>
> Description: The issue was addressed with improved checks.
> (For those who don't know - this means Apple's coding skills suck.)
>
> CVE-2023-37450: an anonymous researcher
> (For those who don't know - this means Apple never finds iOS bugs.)
>
> If you're on any other operating system other than iOS 16, you're fucked.
> The only operating system less secure than Apple's OS's are Micsrosofts.
>
> Specifically, *Android is _ten times LESS EXPLOITED_ than iOS* is.
> https://www.cisa.gov/known-exploited-vulnerabilities-catalog
>
>

It is a great idea, so let's talk about how Android is the second coming of
Jesus!

Wally J <walterjones@invalid.nospam> wrote:
> Ant <ant@zimage.comANT> wrote
>> https://support.apple.com/en-us/HT213823
>
> What's good about the RSR is that it's brand new to Apple operating systems
> (even though it's what Android has been doing since around Android 10).
>
> It allows Apple to finally update a security hole in iOS 16 (only!) without
> having to spend months of wasted time letting the hackers exploit the hole.
>
> As a result of this new-to-Apple RSR capability (which every other
> operating system already used, except iOS), iOS should go from being ten
> times more exploited than Android - over time - to just two or three times.
>
> The reason iOS will never be anywhere near as secure as Android is webkit.
> WebKit is a fundamental component of the highly insecure walled garden.
>
> https://support.apple.com/en-us/HT213823
> iOS 16.5.1 (a) and iPadOS 16.5.1 (a) due to severe flaws in Apple WebKit.
> Released July 10, 2023 only for iOS 16.5.1 and iPadOS 16.5.1
>
> Impact: Processing web content may lead to arbitrary code execution.
> (For those who don't know - this means every iPhone is fucked.)
>
> Apple is aware this issue may have been actively exploited.
> (For those who don't know - this means it's long ago already exploited.)
>
> Description: The issue was addressed with improved checks.
> (For those who don't know - this means Apple's coding skills suck.)
>
> CVE-2023-37450: an anonymous researcher
> (For those who don't know - this means Apple never finds iOS bugs.)
>
> If you're on any other operating system other than iOS 16, you're fucked.
> The only operating system less secure than Apple's OS's are Micsrosofts.
>
> Specifically, *Android is _ten times LESS EXPLOITED_ than iOS* is.
> https://www.cisa.gov/known-exploited-vulnerabilities-catalog
>
>
>

https://arstechnica.com/security/2023/07/apple-releases-quickly-pulls-rapid-security-response-update-for-0-day-webkit-bug/

gtr <xxx@yyy.zzz> wrote

>> If you're on any other operating system other than iOS 16, you're fucked.
>> The only operating system less secure than Apple's OS's are Micsrosofts.
>>
>> Specifically, *Android is _ten times LESS EXPLOITED_ than iOS* is.
>> https://www.cisa.gov/known-exploited-vulnerabilities-catalog
>>
>
> It is a great idea, so let's talk about how Android is the second coming of
> Jesus!

Please don't ascribe religion to realism.

The religious zealots know nothing about the iPhone in the real world.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Alan Browne. Jolly Roger. Joerg Lorenze. Bob Campbell. nospam.
None of them knows anything at all about the iPhone in the real world.

All they read are the very pretty nicely written marketing white papers.
In Apple's white papers, a zero-click zero-day exploit is impossible.

Yet in the real world *iPhones are exploited _10 times more_ than Android.*

Android has more malware (which is avoided by not installing dodgy apps).
The iPhone has ten times as many huge wide-open EXPLOITED security holes.

That's reality.
Not religion.

badgolferman wrote:

> https://arstechnica.com/security/2023/07/apple-releases-quickly-pulls-rapid-security-response-update-for-0-day-webkit-bug/

Apple is going through teething pains which every other operating system
when through years ago, since only Apple releases a monolith anymore.

Due to Apple's antiquated error prone release mechanism, they are having
teething flaws, which are to be expected as Apple tries to catch up to the
modern world using a release mechanism that allows for incremental updates.

Apple releases, quickly pulls Rapid Security Response update
for 0-day WebKit bug
Update for iOS 16, macOS Ventura can be uninstalled
if you're having problems.

ANDREW CUNNINGHAM - 7/11/2023, 2:52 PM

Yesterday, Apple published a new Rapid Security Response update for iOS 16,
iPadOS 16, and macOS Ventura to patch yet another actively exploited WebKit
code execution bug. But shortly after installation, users began having
issues accessing certain websites, and Apple has apparently pulled the
update to fix the problem.

According to MacRumors, affected sites include Facebook, Instagram,
WhatsApp, and Zoom, which began showing warning messages about not being
supported following the update.

Luckily for anyone who has installed it, Rapid Security Response updates
can be removed just as quickly as they were installed; on iOS, navigate to
the About page in the Settings app, tap on your iOS version, and then tap
"Remove Security Response."

The benefit of Rapid Security Response updates is that they're small in
size and quick to install (which makes one wonder why is the last operating
system vendor to shed the behemoth of the monolith for incremental
patches). One has to wonder what took Apple so long to get the idea?

The answer is in the two words: Walled Garden

The updates Apple has released so far have required a restart on my
devices, but total downtime was much less than it was for a typical
software update.

This is because Apple has stored many Safari and WebKit components outside
of the main Signed System Volume (SSV), a tamper-proof read-only volume for
most system files that must be mounted separately, patched, and re-sealed
every time most system updates are installed.

Everything about the Apple release mechanism stinks of its walled garden
antiquated design, which is _why_ Apple systems are the most exploited.

The downside of Rapid Security Response updates is that they may not be
tested as thoroughly as some system updates; Apple is currently on its
fifth developer betas of iOS 16.6 and macOS 13.5, and both updates have
been in testing since mid-May. Though you'll typically want to install them
quickly because the bugs they're patching tend to be severe, you may
occasionally run into problems.

The decision you have to make is do you suffer the inevitable teething
pains because Apple never tests their releases - or do you suffer exploits.

WebKit vulnerabilities in iOS tend to be especially severe since any app
that wants to render web content needs to use a webview powered by the
built-in WebKit engine used by Safari.

WebKit is why there can never be real privacy on any iOS or MacOS device.
https://support.torproject.org/tormobile/tormobile-3/

This includes third-party browsers like Google Chrome, Mozilla Firefox, and
Microsoft Edge, which can't use their own native rendering engines on iOS
or iPadOS the way they can on macOS, Windows, or other platforms. Apple has
long maintained that this restriction improves security on the platform.

And yet, not only is WebKit the source of most of Apple's zero-click
zero-day holes, but Apple lied about the security they claim it offers.

Apple announced the Rapid Security Response feature as part of iOS 16 and
macOS Ventura last June but didn't actually start using the feature
publicly until a couple of months ago.

It's good that Apple's antiquated release mechanism is intended to be
upgraded to the same incremental hotfix method that every other operating
system uses - but for Apple - this leap into modern methods is difficult.

When contacted for comment, an Apple spokesperson pointed us to this
support document, which says that new iOS/iPadOS 16.5.1 (b) and macOS
13.4.1 (b) Rapid Security Response updates will be available to resolve the
issues soon.

Let's hope.

On Jul 11, 2023 at 5:29:53 PM PDT, "Wally J" <walterjones@invalid.nospam>
wrote:

> gtr <xxx@yyy.zzz> wrote
>
>>> If you're on any other operating system other than iOS 16, you're fucked.
>>> The only operating system less secure than Apple's OS's are Micsrosofts.
>>>
>>> Specifically, *Android is _ten times LESS EXPLOITED_ than iOS* is.
>>> https://www.cisa.gov/known-exploited-vulnerabilities-catalog
>>>
>>
>> It is a great idea, so let's talk about how Android is the second coming of
>> Jesus!
>
> Please don't ascribe religion to realism.
>
> The religious zealots know nothing about the iPhone in the real world.
> https://www.cisa.gov/known-exploited-vulnerabilities-catalog
>
> Alan Browne. Jolly Roger. Joerg Lorenze. Bob Campbell. nospam.
> None of them knows anything at all about the iPhone in the real world.
>
> All they read are the very pretty nicely written marketing white papers.
> In Apple's white papers, a zero-click zero-day exploit is impossible.
>
> Yet in the real world *iPhones are exploited _10 times more_ than Android.*
>
> Android has more malware (which is avoided by not installing dodgy apps).
> The iPhone has ten times as many huge wide-open EXPLOITED security holes.
>
> That's reality.
> Not religion.

I see.

Android is Jesus! Praise our lord Jesus, unless your are Satan.

gtr <xxx@yyy.zzz> wrote

>> That's reality.
>> Not religion.
>
> I see.
>
> Android is Jesus! Praise our lord Jesus, unless your are Satan.

No. You don't understand. Nobody says Android is a religion.
People on Android read the news about how Android works.

It's mainly you iMorons who never read anything about how Apple works.

If someone tells you that Android has been creating hotfix patches since
about Android 10, then that's simply a reality that Android has been
patched for many years via about a half dozen separate patch methods.

It all happens every day, by the billions, under the covers, using the
Google Play Update mechanism which is the default on every Android phone.

What's different with iOS is that Apple has used a highly backward
single-slab monolith walled garden iOS release since the inception of iOS.

That ancient method was how people did operating systems back in the 1950s
and 1960s, but every company abandoned the single slab - except for Apple.

Like Moses and the single slab ten commandments, you Apple iNuts have
hailed that single-slab release as a religious embodiment of Apple's Jesus.

And yet, even Apple had to finally join the modern world by adding to iOS
16 for the first time in Apple's history the ability to patch a single bug.

That's the RSR.

And since Apple has never patched a single bug in their history prior to
iOS 16, it's obvious that Apple is having teething pains joining the modern
world.

That is just what's happening to Apple.
It has nothing to do with Android as much as you'd like to make it so.

Apple is simply copying what every other operating system has always done.
Patch a bug as fast as possible.

Instead of taking three to six months to build & test a single-slab iOS.
This is a good thing, whether or not you iMorons even know how it works.

What's no longer amazing, actually, is how little you iKooks know of Apple.

["Followup-To:" header set to comp.sys.mac.system.]
On 2023-07-13, Wally J <walterjones@invalid.nospam> wrote:
[stuff]

A befitting name is Wally

On Jul 13, 2023 at 12:29:09 PM PDT, "Wally J" <walterjones@invalid.nospam>
wrote:

> gtr <xxx@yyy.zzz> wrote
>
>>> That's reality.
>>> Not religion.
>>
>> I see.
>>
>> Android is Jesus! Praise our lord Jesus, unless your are Satan.
>
> No. You don't understand. Nobody says Android is a religion.
> People on Android read the news about how Android works.
>
> It's mainly you iMorons who never read anything about how Apple works.
>
> If someone tells you that Android has been creating hotfix patches since
> about Android 10, then that's simply a reality that Android has been
> patched for many years via about a half dozen separate patch methods.
>
> It all happens every day, by the billions, under the covers, using the
> Google Play Update mechanism which is the default on every Android phone.
>
> What's different with iOS is that Apple has used a highly backward
> single-slab monolith walled garden iOS release since the inception of iOS.
>
> That ancient method was how people did operating systems back in the 1950s
> and 1960s, but every company abandoned the single slab - except for Apple.
>
> Like Moses and the single slab ten commandments, you Apple iNuts have
> hailed that single-slab release as a religious embodiment of Apple's Jesus.
>
> And yet, even Apple had to finally join the modern world by adding to iOS
> 16 for the first time in Apple's history the ability to patch a single bug.
>
> That's the RSR.
>
> And since Apple has never patched a single bug in their history prior to
> iOS 16, it's obvious that Apple is having teething pains joining the modern
> world.
>
> That is just what's happening to Apple.
> It has nothing to do with Android as much as you'd like to make it so.
>
> Apple is simply copying what every other operating system has always done.
> Patch a bug as fast as possible.
>
> Instead of taking three to six months to build & test a single-slab iOS.
> This is a good thing, whether or not you iMorons even know how it works.
>
> What's no longer amazing, actually, is how little you iKooks know of Apple.

The Father, the Son and the Holy Android. Cast away your graven images and
return t our Lord Android!