Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

The solution of this problem is trivial and is left as an exercise for the reader.

computers / comp.sys.mac.apps / Re: iOS 15.0.2 is out

SubjectAuthor
* Re: iOS 15.0.2 is outRobin Goodfellow
`* Re: iOS 15.0.2 is outsms
 `- Re: iOS 15.0.2 is outRobin Goodfellow

1
Re: iOS 15.0.2 is out

<sk58k1$13ru$1@gioia.aioe.org>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=551&group=comp.sys.mac.apps#551

  copy link   Newsgroups: misc.phone.mobile.iphone comp.mobile.ipad comp.sys.mac.apps
Path: i2pn2.org!i2pn.org!aioe.org!mByNiJf1d5xCtYqtin8lWQ.user.46.165.242.75.POSTED!not-for-mail
From: Ancient-...@Heaven.Net (Robin Goodfellow)
Newsgroups: misc.phone.mobile.iphone,comp.mobile.ipad,comp.sys.mac.apps
Subject: Re: iOS 15.0.2 is out
Date: Wed, 13 Oct 2021 00:18:22 +0000
Organization: Keeping Good Company
Message-ID: <sk58k1$13ru$1@gioia.aioe.org>
References: <sk1rdf$13tq$1@gioia.aioe.org> <sk47ak$m41$1@dont-email.me> <sk4ct3$1h6a$1@gioia.aioe.org> <sk4p5j$no6$1@dont-email.me> <ismkpuFi2m0U2@mid.individual.net>
Injection-Info: gioia.aioe.org; logging-data="36734"; posting-host="mByNiJf1d5xCtYqtin8lWQ.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Xnews/5.04.25
X-Notice: Filtered by postfilter v. 0.9.2
 by: Robin Goodfellow - Wed, 13 Oct 2021 00:18 UTC

Jolly Roger <jollyroger@pobox.com> asked
> "Patching known vulnerabilities quickly is bad, y'all!"
>
> Idiot trolls can GTFO...

What Steve and any sensible person is worried about is the sheer number of exploited zero-day holes in iOS - which is far larger than _any_ OS alive.

In terms of zero day holes exploited in the wild, *nobody is as bad as Apple*.
Nobody.

*Apple has a whopping zero-day hole a month to its operating system*
(because Apple has _never_ even once fully tested any software it ships!)

But in the last 9-1/2 months, *Apple added 17 zero-day holes alone*!
That's a spectacularly sordid _two_ zero-day exploits every month, JR.

*Nobody has this many zero-day holes*, Jolly Roger.
Nobody.

Just Apple.
--
Project Zero proved Apple has never even once tested their released code!
CVE-2021-1782 (Kernel) - A malicious application may be able to elevate privileges
CVE-2021-1870 (WebKit) - A remote attacker may be able to cause arbitrary code execution
CVE-2021-1871 (WebKit) - A remote attacker may be able to cause arbitrary code execution
CVE-2021-1879 (WebKit) - Processing maliciously crafted web content may lead to universal cross-site scripting
CVE-2021-30657 (System Preferences) - A malicious application may bypass Gatekeeper checks
CVE-2021-30661 (WebKit Storage) - Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2021-30663 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2021-30665 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2021-30666 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2021-30713 (TCC framework) - A malicious application may be able to bypass Privacy preferences
CVE-2021-30761 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2021-30762 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2021-30807 (IOMobileFrameBuffer) - An application may be able to execute arbitrary code with kernel privileges
CVE-2021-30858 (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2021-30860 (CoreGraphics) - Processing a maliciously crafted PDF may lead to arbitrary code execution
CVE-2021-30869 (XNU) - A malicious application may be able to execute arbitrary code with kernel privileges
CVE-2021-30883 (WebContent) - A memory corruption in the app sandbox making for good LPE exploits in chains

Re: iOS 15.0.2 is out

<sk5e7h$mu0$1@dont-email.me>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=553&group=comp.sys.mac.apps#553

  copy link   Newsgroups: misc.phone.mobile.iphone comp.mobile.ipad comp.sys.mac.apps
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: scharf.s...@geemail.com (sms)
Newsgroups: misc.phone.mobile.iphone,comp.mobile.ipad,comp.sys.mac.apps
Subject: Re: iOS 15.0.2 is out
Date: Tue, 12 Oct 2021 18:53:51 -0700
Organization: A noiseless patient Spider
Lines: 15
Message-ID: <sk5e7h$mu0$1@dont-email.me>
References: <sk1rdf$13tq$1@gioia.aioe.org> <sk47ak$m41$1@dont-email.me>
<sk4ct3$1h6a$1@gioia.aioe.org> <sk4p5j$no6$1@dont-email.me>
<ismkpuFi2m0U2@mid.individual.net> <sk58k1$13ru$1@gioia.aioe.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 13 Oct 2021 01:53:53 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="5e3680dab5a4abd843b026a266361f57";
logging-data="23488"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+rATjw066UgNm+CPEJ0w1d"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
Thunderbird/78.14.0
Cancel-Lock: sha1:pj0GN4NeYSym/N3XLtlcgIFQSzw=
In-Reply-To: <sk58k1$13ru$1@gioia.aioe.org>
Content-Language: en-US
 by: sms - Wed, 13 Oct 2021 01:53 UTC

On 10/12/2021 5:18 PM, Robin Goodfellow wrote:
> Jolly Roger <jollyroger@pobox.com> asked
>> "Patching known vulnerabilities quickly is bad, y'all!"
>>
>> Idiot trolls can GTFO...
>
> What Steve and any sensible person is worried about is the sheer number of exploited zero-day holes in iOS - which is far larger than _any_ OS alive.
>
> In terms of zero day holes exploited in the wild, *nobody is as bad as Apple*.
> Nobody.
>
> *Apple has a whopping zero-day hole a month to its operating system*
> (because Apple has _never_ even once fully tested any software it ships!)

This is not a testing issue. It's a design issue.

Re: iOS 15.0.2 is out

<sk5jpg$be4$1@gioia.aioe.org>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=554&group=comp.sys.mac.apps#554

  copy link   Newsgroups: misc.phone.mobile.iphone comp.mobile.ipad comp.sys.mac.apps
Path: i2pn2.org!i2pn.org!aioe.org!r54nm8OyoLuEs1DZbOiA2A.user.46.165.242.75.POSTED!not-for-mail
From: Ancient-...@Heaven.Net (Robin Goodfellow)
Newsgroups: misc.phone.mobile.iphone,comp.mobile.ipad,comp.sys.mac.apps
Subject: Re: iOS 15.0.2 is out
Date: Wed, 13 Oct 2021 03:29:01 +0000
Organization: Keeping Good Company
Message-ID: <sk5jpg$be4$1@gioia.aioe.org>
References: <sk1rdf$13tq$1@gioia.aioe.org> <sk47ak$m41$1@dont-email.me> <sk4ct3$1h6a$1@gioia.aioe.org> <sk4p5j$no6$1@dont-email.me> <ismkpuFi2m0U2@mid.individual.net> <sk58k1$13ru$1@gioia.aioe.org> <sk5e7h$mu0$1@dont-email.me>
Injection-Info: gioia.aioe.org; logging-data="11716"; posting-host="r54nm8OyoLuEs1DZbOiA2A.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Xnews/5.04.25
X-Notice: Filtered by postfilter v. 0.9.2
 by: Robin Goodfellow - Wed, 13 Oct 2021 03:29 UTC

sms <scharf.steven@geemail.com> asked
>> *Apple has a whopping zero-day hole a month to its operating system*
>> (because Apple has _never_ even once fully tested any software it ships!)
>
> This is not a testing issue. It's a design issue.

Steve,

You may be right. It may be just sloppy coding more so than lack of QA.

Whatever it is, Apple has the worst zero-day record of _any_ OS alive.

I've been struggling to figure out exactly why Apple had one zero-day
exploit a month (almost always also exploited in the wild) in the past few
iOS releases (where iOS 13 was a shit storm, and iOS 14 wasn't any better);
but now the rate of exploits has skyrocketed to almost two a month lately.

There have been 17 zero-day exploits in 2021 alone, which must be a record,
even for Apple's horribly sordid record on poor design and even worse QA.

I looked a bit into _why_ this bug existed, which was something Apple
_should_ have caught (it's a sophomoric error, as are most Apple holes).

Just as it was proven Facetime had never even once been tested before it was
released, I'm not sure (yet) if the cause is poor design or poor QA.

You have a point that it's poor design, given that even Google's Project
Zero showed almost every huge Apple hole was a sophomoric coding error...

*But shouldn't Apple have run even a basic QA test to have caught this?*
(Note: It's a repeat of a similar bug that was _told_ to Apple a while ago!)

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor