https://www.bleepingcomputer.com/news/security/apple-fixes-recently-disclosed-zero-day-on-older-iphones-ipads/
Apple fixes recently disclosed zero-day on older iPhones, iPads

Apple has released new security updates to backport patches released
earlier this week to older iPhones and iPads, addressing an actively
exploited zero-day bug.

The vulnerability (CVE-2022-42827) is the one Apple patched for iPhone and
iPad devices this Monday, October 24. Potential attackers can use it to
execute arbitrary code with kernel privileges if successfully exploited in
attacks.

The out-of-bounds write issue was reported to Apple by an anonymous
researcher, and it's caused by software being able to write data outside
the boundaries of the memory buffer.

This can result in data corruption, application crashes, and code execution
due to undefined or unexpected results (also known as memory corruption)
from subsequent data written to the buffer.

Apple addressed the zero-day vulnerability in iOS 15.7.1 and iPadOS 15.7.1
today with improved bounds checking.

The list of impacted devices includes iPhone 6s and later, iPad Pro (all
models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4
and later, and iPod touch (7th generation).

In September, Apple addressed a flaw in the iOS Kernel (CVE-2022-32917).
In August, it fixed two more zero-days in the iOS Kernel (CVE-2022-32894)
and WebKit (CVE-2022-32893)
In March, Apple patched two zero-day in the Intel Graphics Driver
(CVE-2022-22674) and AppleAVD (CVE-2022-22675).
In February, Apple released security updates to address another WebKit
zero-day bug exploited to target iPhones, iPads, and Macs.
In January, Apple patched another pair of zero-days allowing code execution
with kernel privileges (CVE-2022-22587) and web browsing activity tracking
(CVE-2022-22594).

This is the ninth zero-day Apple has fixed since the start of this year.

NewsKrawler <newskrawl@krawl.org> wrote:

> This is the ninth zero-day Apple has fixed since the start of this year.

Yes. This is good news. What is your point? I’m surprised that you
posted this good news.

Since you are posting Apple Good News, it’s interesting that you don’t post
THIS good news:

https://www.imore.com/apple/apple-posts-record-revenue-of-dollar901-billion-in-the-fourth-quarter-of-2022

On Oct 27, 2022, Bob Campbell wrote
(in article<news:Tv6cnYMRC_xCx8b-nZ2dnZfqn_ednZ2d@supernews.com>):

>> This is the ninth zero-day Apple has fixed since the start of this year.
>
> Yes. This is good news.

It's actually bad news. Very bad news for the ninth time this year.

Your claim that Apple profits negate Apple's security holes is awkward.

It's like you saying the similarly awkward congratulatory feelings of
"Good News. Apple was released from jail for the ninth time this year!"

Ron, the humblest guy in town.

RonTheGuy <ron@null.invalid> wrote:
> On Oct 27, 2022, Bob Campbell wrote
> (in article<news:Tv6cnYMRC_xCx8b-nZ2dnZfqn_ednZ2d@supernews.com>):
>
>>> This is the ninth zero-day Apple has fixed since the start of this year.
>>
>> Yes. This is good news.
>
> It's actually bad news. Very bad news for the ninth time this year.

Your claim that Apple should never fix these things is absurd.

On Oct 30, 2022, Bob Campbell wrote
(in article<news:kvOcnUjTNa-4AsP-nZ2dnZfqnPidnZ2d@supernews.com>):

>>>> This is the ninth zero-day Apple has fixed since the start of this year.
>>>
>>> Yes. This is good news.
>>
>> It's actually bad news. Very bad news for the ninth time this year.
>
> Your claim that Apple should never fix these things is absurd.

Your claim that it's a good thing Apple had nine security holes is absurd.
Even more absurd is your claim Apple profits mean security doesn't matter.
Has it occurred to you the high profits are at the expense of low security?

Ron, the humblest guy in town.

In article <1p4vy2te89q1y.dlg@news.solani.org>, RonTheGuy
<ron@null.invalid> wrote:

> Has it occurred to you the high profits are at the expense of low security?

has it occurred to you that you're clueless?

On Sun, 30 Oct 2022 12:43:51 -0400, nospam <nospam@nospam.invalid> wrote:

>> Has it occurred to you the high profits are at the expense of low security?
>
> has it occurred to you that you're clueless?

You may be correct since it arguable whether this is the eighth or ninth
zero-day security hole that Apple was unaware of this year until informed
by others who have better & more comprehensive testing skills than Apple.

All Apple cares about are profits - not the security of their devices.
That means Bob Campbell is right.

Only Apple profits matter. Not security.
It would cost Apple money to look for these security holes.

Why do that when the only thing that matters to Apple is profits.
Not security.

Bob Campbell said so many times.
The less security effort Apple expends, the higher the profits.

Bob Campbell said that's a good thing.
Profits are good.
Security is bad.

According to you and Bob Campbell that is.

Only profits matter.
Not security.

This spreadsheet maintained by Google researchers showed that Apple was
told about seven zero-days so far this year that Apple was unable to find.
https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/view#gid62223764

Apple can't find their own security holes, which may be why Apple profits
are so high since Apple prioritizes profits over security.

That's what Bob Campbell wants Apple do to.
The lower the security, the higher the profits.

That's a good thing.
For Apple.

That's not including CVE-2022-42827 which Apple also was unable to find.
https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/view#gid62223764

Counting this latest one would bring that Apple zero-day total for 2022 to
eight which is about once a month Apple is unable to find huge security
holes.

Bleeping Computer, however, said CVE-2022-42827 is Apple's ninth zero-day
fixed in the last 10 months.

Besides CVE-2022-42827, the updates fix 19 other security vulnerabilities,
including two in the kernel, three in Point-to-Point Protocol, two in
WebKit, and one each in AppleMobileFileIntegrity, Core Bluetooth, IOKit,
and this iOS sandbox.

The real problem here is Apple doesn't find any of these zero-day bugs.
And people like Bob Campbell who awkwardly think that is a good thing.

In article <tjmaft$llf$1@gioia.aioe.org>, Ken Blake
<Ken@invalid.news.com> wrote:

>
> You may be correct

i am, in that you are actively using other people's identities in your
unhealthy quest to troll.

RonTheGuy <ron@null.invalid> wrote:
> On Oct 30, 2022, Bob Campbell wrote
> (in article<news:kvOcnUjTNa-4AsP-nZ2dnZfqnPidnZ2d@supernews.com>):
>
>>>>> This is the ninth zero-day Apple has fixed since the start of this year.
>>>>
>>>> Yes. This is good news.
>>>
>>> It's actually bad news. Very bad news for the ninth time this year.
>>
>> Your claim that Apple should never fix these things is absurd.
>
> Your claim that it's a good thing Apple had nine security holes is absurd.

I never claimed that. It IS a good thing that they get fixed. All
software has bugs. It is naive to think otherwise.

> Even more absurd is your claim Apple profits mean security doesn't matter.

I never claimed that either, Arlen. Apple’s profits come from designing
and building high quality products that people actually line up to buy.
The fact that you hate that means you have to invent these silly lies, just
to keep your boat trolling along.

> Has it occurred to you the high profits are at the expense of low security?

I fail to see how one has anything to do with the other. There are small,
one person companies - who do not have high profits - selling apps that
also have “low security”.

What’s your point again?

On 2022-10-30, Ken Blake <Ken@invalid.news.com> wrote:
> On Sun, 30 Oct 2022 12:43:51 -0400, nospam <nospam@nospam.invalid> wrote:
>
>>> Has it occurred to you the high profits are at the expense of low
>>> security?
>>
>> has it occurred to you that you're clueless?
>
> You may be

Right on cue, here comes Arlen with yet another new nym. Once he pops,
he can't stops! : D

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

On 2022-10-30, RonTheGuy <ron@null.invalid> wrote:
> On Oct 27, 2022, Bob Campbell wrote
> (in article<news:Tv6cnYMRC_xCx8b-nZ2dnZfqn_ednZ2d@supernews.com>):
>
>>> This is the ninth zero-day Apple has fixed since the start of this
>>> year.
>>
>> Yes. This is good news.
>
> It's actually bad news.

"Fixing bugs is bad, y'all!" : D

> Very bad news

Sure, Sparky. Meanwhile Android can be rooted without *any* zero days
required - they just walk through the front door instead. I guess that's
"good news" in your Bizarro Upside Down Trollboi world.

> Your claim that Apple profits negate Apple's security holes is
> awkward.

The only one making that claim are you and your trollboi buddies. : )

> Ron, the dumbest guy in town.

Yes.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR