8 comments

[ 471 ms ] story [ 1315 ms ] thread
These vulnerabilities were pretty serious [0]

   > IOSurfaceAccelerator
   > Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
   > Description: An out-of-bounds write issue was addressed with improved input validation.

   > WebKit
   > Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
   > Description: A use after free issue was addressed with improved memory management.
Hopefully this opens place for even more jailbreaks. I absolutely hate Apple's walled gardens, every single high severity CVE for them is smile from me.

[0]: https://support.apple.com/en-us/HT213720

Consider not buying Apple products if you want to control your device.
You will only be as secure as Apple wants you to be.
Huh? Edit: I don’t understand, the “huh?” is 100% sincere. Apple is releasing security updates, not withholding them. What control are they exerting here?
In a sense the GP is correct since iOS/macOS is proprietary software and the end user can't just fix a security issue themselves... but this applies to all proprietary software in general.
I still don’t understand the complaint. Apple released a security patch, they didn’t decide to withhold it for some nebulous purpose. I also release security patches for software I maintain, am I deciding what security my users get to enjoy by doing so?