> IOSurfaceAccelerator
> Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
> Description: An out-of-bounds write issue was addressed with improved input validation.
> WebKit
> Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
> Description: A use after free issue was addressed with improved memory management.
Hopefully this opens place for even more jailbreaks. I absolutely hate Apple's walled gardens, every single high severity CVE for them is smile from me.
Huh? Edit: I don’t understand, the “huh?” is 100% sincere. Apple is releasing security updates, not withholding them. What control are they exerting here?
In a sense the GP is correct since iOS/macOS is proprietary software and the end user can't just fix a security issue themselves... but this applies to all proprietary software in general.
I still don’t understand the complaint. Apple released a security patch, they didn’t decide to withhold it for some nebulous purpose. I also release security patches for software I maintain, am I deciding what security my users get to enjoy by doing so?
8 comments
[ 471 ms ] story [ 1315 ms ] thread[0]: https://support.apple.com/en-us/HT213720