• Half of the iOS vulnerabilities discovered in 2022 were exploited in th

    From Peter@21:1/5 to All on Wed Jan 25 13:14:43 2023
    Five of the iOS vulnerabilities last year were exploited in the wild. https://www.securityweek.com/apple-patches-exploited-ios-vulnerability-in-old-iphones/

    That's almost half the dozen zero-day vulnerabilities in iOS overall.

    Apple's iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

    Apple on Monday announced the release of iOS 12.5.7, which brings a patch
    for an actively exploited vulnerability to old iPhones and iPads.

    The tech giant released security updates for iOS, macOS and other products
    on Monday to patch many vulnerabilities which were recently reported to
    Apple by security researchers, including a couple of WebKit flaws that can
    lead to arbitrary code execution which Google researchers found in the
    wild.

    In addition to updates for the latest versions of its operating systems,
    Apple announced the release of iOS 12.5.7, which patches CVE-2022-42856, a WebKit vulnerability that has been actively exploited by hackers against devices running iOS prior to the old vulnerable iOS version 15.1.

    The new vulnerability, whose exploitation was first seen by Google's Threat Analysis Group (TAG), can be used for arbitrary code execution through specially crafted web content. Essentially the device is wide open to
    hackers if the user visits a malicious web site and does nothing else.

    Apple rolled out its first round of patches for CVE-2022-42856 in December 2022, when it released iOS 16.1.2. The fix was also included at the time in macOS Ventura 13.1, tvOS 16.2, Safari 16.2, and iOS and iPadOS 15.7.2.

    Security updates for iOS 12 are increasingly rare, but Apple still releases patches when it needs to protect customers against such hugely advertised exploited flaws where users would likely complain it's Apple's fault.

    There is still no public information from the tight-lipped Apple on the
    attacks involving CVE-2022-42856 but according to data from Google, five of
    the iOS vulnerabilities discovered in 2022 were exploited in the wild.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jolly Roger@21:1/5 to Peter on Wed Jan 25 17:15:34 2023
    On 2023-01-25, Peter <occassionally-confused@nospam.co.uk> wrote:

    > Five of the iOS vulnerabilities last year were exploited in the wild.

    Yes, Apple has been regularly patching the vulnerabilities used by NSO
    to attack devices with Pegasus as they are discovered for a few years
    now. Do try to keep up.

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR

  • From Peter@21:1/5 to Jolly Roger on Wed Jan 25 21:46:16 2023
    Jolly Roger <jollyroger@pobox.com> wrote:
    >> Five of the iOS vulnerabilities last year were exploited in the wild.

    > Yes, Apple has been regularly patching the vulnerabilities used by NSO
    > to attack devices with Pegasus as they are discovered for a few years
    > now. Do try to keep up.

    Except that none of those five exploits in the wild were Pegasus exploits.

    Pegasus exploits the iOS kernel which has proven to be wide open to them.

    iOS is so full of holes, NSO doesn't need to look further than the kernel.

  • From Jolly Roger@21:1/5 to Peter on Thu Jan 26 02:06:17 2023
    On 2023-01-25, Peter <occassionally-confused@nospam.co.uk> wrote:
    > Jolly Roger <jollyroger@pobox.com> wrote:
    >>> Five of the iOS vulnerabilities last year were exploited in the
    >>> wild.

    >> Yes, Apple has been regularly patching the vulnerabilities used by
    >> NSO to attack devices with Pegasus as they are discovered for a few
    >> years now. Do try to keep up.

    > Except that none of those five exploits in the wild were Pegasus
    > exploits.

    You have no proof of that ludicrous bullshit claim.

    > iOS is so full of holes, NSO doesn't need to look further than the
    > kernel.

    Bullshit - Apple has been regularly patching the vulnerabilities
    exploited by Pegasus for years now. Meanwhile on Android NSO just walks
    through the front door via the standard Android jailbreak mechanisms
    with no exploits needed.

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR

  • From Peter@21:1/5 to Jolly Roger on Sat Jan 28 02:37:36 2023
    Jolly Roger <jollyroger@pobox.com> wrote:
    > You have no proof of that ludicrous bullshit claim.

    Which part of that report that half of the many iOS vulnerabilities in 2022
    are known to be actively exploited in the wild don't you agree with then?

    https://www.securityweek.com/apple-patches-exploited-ios-vulnerability-in-old-iphones/

  • From Jolly Roger@21:1/5 to Peter on Sat Jan 28 18:54:39 2023
    On 2023-01-28, Peter <occassionally-confused@nospam.co.uk> wrote:
    > Jolly Roger <jollyroger@pobox.com> wrote:
    >> On 2023-01-25, Peter <occassionally-confused@nospam.co.uk> wrote:
    >>> Jolly Roger <jollyroger@pobox.com> wrote:

    >>>>> Five of the iOS vulnerabilities last year were exploited in the
    >>>>> wild.

    >>>> Yes, Apple has been regularly patching the vulnerabilities used by
    >>>> NSO to attack devices with Pegasus as they are discovered for a few
    >>>> years now. Do try to keep up.

    >>> Except that none of those five exploits in the wild were Pegasus
    >>> exploits.

    >> You have no proof of that ludicrous bullshit claim.

    > Which part of that report that half of the many iOS vulnerabilities in
    > 2022 are known to be actively exploited in the wild don't you agree
    > with then?

    The claim I am disputing is your bullshit claim that "none of those five exploits in the wild were Pegasus exploits" - something you have no
    knowledge of and can't prove because it's pure bullshit. Do try to keep
    up, Arlen. I know it's hard for you to stay focused with all the
    trolling you do and bullshit you spew, but you'll just have to try
    harder. Or you can just continue to squirm around by snipping context
    and trying to change the subject as you did above, and take a hit to
    your vaunted "credibility" - the choice is yours.

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR
