Apple security update not found 104034/28/2023 If you have a Mac, the above patch is the only item listed in the latest update advisory. Impact: A remote attacker may be able to cause unexpectedĪpplication termination or arbitrary code executionĭescription: An out-of-bounds read was addressed with improvedĬVE-2019-8641: Samuel Groß and Natalie Silvanovich It looks as though the Project Zero researchers were right, because Apple’s latest slew of updates include a fix explicitly listed as: Foundation Interestingly, Google deliberately kept quiet about CVE-2019-8641 at the time, noting that Apple’s fix “did not fully remediate the issue”. That’s why we urged you, back in August 2019, to double-check that you were patched up to iOS 12.4 – it’s risky to be unpatched at any time, let alone after exploit code is available to anyone who cares to download it. Most of those holes were revealed to the public in August 2019, following Project Zero’s usual approach of ‘dropping’ detailed descriptions and proof-of-concept code to do with vulnerabilities for which patches already exist. The idea was to search not for security bugs by which you could be tricked into making a serious security blunder, but for holes by which your device itself could be tricked without you even being involved. Silvanovich and Groß investigated five message-handling components on the iPhone: SMS, MMS, Visual voicemail, email and iMessage. They decided to dig into the software components in your iPhone that automatically process data uploaded from the outside, to see if they could find bugs that might be remotely exploitable. The talk was presented by well-known Google Project Zero researcher Natalie Silvanovich, and it covered a wide-ranging vulnerability research project conduced by Silvanovich and her colleague Samuel Groß. …including one from Google with the intriguing title Look, no hands! – The remote, interaction-less attack surface of the iPhone. Remember the Black Hat conference of 2019?Ĭhances are you didn’t attend – even though it’s a huge event, the vast majority of cybersecurity professionals only experience it remotely – but you probably heard about some of the more dramatic talk titles… See below for the details of which updates came out when. Not long after we published this article, Apple announced iOS 13.1.1, fixing yet another bug.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |