1. Forum
  2. Newsgroups
  3. comp.sys.mac.system

  • Three zero-days within months - Apple is on a roll for zero-day bugs in 2025

    From Marion@marion@facts.com to misc.phone.mobile.iphone,comp.mobile.ipad,comp.sys.mac.system on Sat May 24 01:58:41 2025
    From Newsgroup: comp.sys.mac.system

    *Three zero-days within months!*
    <https://www.csoonline.com/article/3843999/apple-patches-zero-day-bugs-used-in-targeted-iphone-attacks.html>

    The company suffered a total of twenty zero-day holes in 2023, including
    the actively exploited RCE bugs, CVE-2023-32434 and CVE-2023-32435.

    In 2024, Apple fixed six zero-day bugs, along with a string of critical
    flaws including CVE-2024-23225 and CVE-2024-23296 which together allowed attackers to bypass kernel memory protection.

    This marks Apple's third zero-day fix since the start of the year,
    following patches for CVE-2025-24085 in January and CVE-2025-24200 in
    February.

    Surprise! While Android has *never* had a Pegasus kernel exploit, iOS constantly has them, in addition to the termite-ridden WebKit abomination.

    Patches were released on Tuesday and are available through the latest
    versions of iOS, iPadOS, macOS, Safari, and visionOS.

    Apple never tests their software sufficiently which is perhaps the main
    reason why iOS is the most exploited mobile operating system in history.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Alan@nuh-uh@nope.com to misc.phone.mobile.iphone,comp.mobile.ipad,comp.sys.mac.system on Mon May 26 18:14:49 2025
    From Newsgroup: comp.sys.mac.system

    On 2025-05-23 18:58, Marion wrote:
    *Three zero-days within months!*
    <https://www.csoonline.com/article/3843999/apple-patches-zero-day-bugs-used-in-targeted-iphone-attacks.html>

    The company suffered a total of twenty zero-day holes in 2023, including
    the actively exploited RCE bugs, CVE-2023-32434 and CVE-2023-32435.

    In 2024, Apple fixed six zero-day bugs, along with a string of critical
    flaws including CVE-2024-23225 and CVE-2024-23296 which together allowed attackers to bypass kernel memory protection.

    This marks Apple's third zero-day fix since the start of the year,
    following patches for CVE-2025-24085 in January and CVE-2025-24200 in February.

    Surprise! While Android has *never* had a Pegasus kernel exploit, iOS constantly has them, in addition to the termite-ridden WebKit abomination.

    Interesting your very careful phrasing there: "Pegasus KERNEL exploit"...

    'Pegasus for Android

    Pegasus for Android is the Android version of malware that has
    reportedly been linked to the NSO Group.'

    <https://attack.mitre.org/software/S0316/>
    --- Synchronet 3.21a-Linux NewsLink 1.2