
SoylentNews is people

posted by martyb on Wednesday July 28 2021, @02:05PM
from the it-just-works dept.

Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attack:

Apple on Monday patched a zero-day vulnerability in its iOS, iPadOS, and macOS operating systems, only a week after issuing a set of OS updates addressing about three dozen other flaws.

The bug, CVE-2021-30807, was found in the iGiant's IOMobileFrameBuffer code, a kernel extension for managing the screen frame buffer that could be abused to run malicious code on the affected device.

CVE-2021-30807, credited to an anonymous researcher, has been addressed by undisclosed but purportedly improved memory handling code.

"An application may be able to execute arbitrary code with kernel privileges," the iDevice maker said in one of its duplicative advisories. "Apple is aware of a report that this issue may have been actively exploited."

Apple did not, however, say who might be involved in the exploitation of this bug. Nor did the company respond to a query about whether the bug has been exploited by NSO Group's Pegasus surveillance software.

[...] Shortly after Apple's advisory was published, PoC exploit code was posted via Twitter


  • (Score: 0) by Anonymous Coward on Wednesday July 28 2021, @02:25PM (10 children)

    by Anonymous Coward on Wednesday July 28 2021, @02:25PM (#1160640)

    Apple devices don't get viruses (unless they're running Windows in a virtual machine).

    • (Score: 2) by agr on Wednesday July 28 2021, @03:00PM (3 children)

      by agr (7134) on Wednesday July 28 2021, @03:00PM (#1160652)

      Apple has less malware to begin with, can focus on getting safe patches out quickly for the infrequent problems that do come up, and their walled garden helps keep things manageable. It’s a defense in depth approach, not perfect but pretty effective. Don’t like it? Windows, Android and Linux are all still available.

      • (Score: 3, Disagree) by Rosco P. Coltrane on Wednesday July 28 2021, @03:34PM (2 children)

        by Rosco P. Coltrane (4757) on Wednesday July 28 2021, @03:34PM (#1160666)

        Apple has less malware to begin with

        Hehe, looks like the Apple kool-aid has been swallowed whole.

        Apple is good. But where they really shine is marketing. It's amazing the number of people who swallow their bullshit on security and privacy. Best proof? Watch this here post get modded down in one minute flat, despite IT professionals knowing full well it's true.

        • (Score: 3, Touché) by Anonymous Coward on Wednesday July 28 2021, @05:29PM

          by Anonymous Coward on Wednesday July 28 2021, @05:29PM (#1160704)

          Well... the ones that visit the same tech 'news' sites as you, anyway. If they were really honest about the time they spent on Windows security issues, though...

        • (Score: 2, Insightful) by Anonymous Coward on Thursday July 29 2021, @01:58AM

          by Anonymous Coward on Thursday July 29 2021, @01:58AM (#1160861)

          What kool aid? It's just common sense. They are either more or less secure than the competition - it's impossible to be exactly the same. You seem to be claiming indirectly they are less by going anti-fanboy on a comment that they are more secure - care to actually provide some insights apart from the childish comments?

    • (Score: 4, Insightful) by epitaxial on Wednesday July 28 2021, @03:40PM (3 children)

      by epitaxial (3165) on Wednesday July 28 2021, @03:40PM (#1160670)

      Seven-year-old devices will get this patch. How many two-year-old Androids are still getting them?

      • (Score: 0) by Anonymous Coward on Wednesday July 28 2021, @08:16PM

        by Anonymous Coward on Wednesday July 28 2021, @08:16PM (#1160758)

        now you know why people queue around a block starting at 2 am: because they want to "enjoy" manufacturer provided security updates for the full 3 years starting from the first day of availability and not a day less ...

      • (Score: 4, Insightful) by edIII on Wednesday July 28 2021, @08:43PM (1 child)

        by edIII (791) on Wednesday July 28 2021, @08:43PM (#1160771)

        That's an unfair comparison though.

        Apple is a single manufacturer in a single ecosystem. While multiple wireless carriers are selling iPhones, they have absolutely zero control over the software being installed on the devices.

        Android is completely different. Google is supposedly providing some updates to the open source code, but the wireless carriers and phone manufacturers represent a large ecosystem with dozens of corporations being responsible for pushing those updates. The wireless carriers really don't give a shit. Updates only for the predominant hardware and bloatware they load up on the phones. Manufacturers barely give a shit beyond the initial sale, looking at long-term updates as a cost that provides little return. No different than Netgear not giving a shit about 5-year-old APs. The odds of an Android phone ever being upgraded to the new version of Android are slim to none.

        Apple has a very large advantage by being the only manufacturer of Apple devices. Too bad that's completely wasted by a right-to-repair war, right-to-your-devices war, etc. If it weren't for them being complete shitheads about who actually owns the device I might be an Apple owner.

        I'll take my chances with an unlocked Android all day long as long as I'm free of the walled garden with the shiny happy people that are happy not actually owning their own devices (at a price premium no less!).

        --
        Technically, lunchtime is at any moment. It's just a wave function.
        • (Score: 1) by Acabatag on Wednesday July 28 2021, @09:50PM

          by Acabatag (2885) on Wednesday July 28 2021, @09:50PM (#1160795)

          Plenty of critical subsystems of Android devices are updated for years. The Android update system is more granular and updated components are pushed by the Play Store.

    • (Score: 1, Troll) by Tork on Wednesday July 28 2021, @03:50PM (1 child)

      by Tork (3914) on Wednesday July 28 2021, @03:50PM (#1160672)
      "ApPuL DoNt GeT VerrRRoSes!" -- they shout about once every hundred times something rocks Microsoft's world.
      --
      🏳️‍🌈 Proud Ally 🏳️‍🌈
      • (Score: 0) by Anonymous Coward on Wednesday July 28 2021, @08:27PM

        by Anonymous Coward on Wednesday July 28 2021, @08:27PM (#1160764)

        the VerrRRoSes are not in their devices but in their heads to begin with...
