262 points fortran77 | 4 comments
acdha No.42189685
Interesting that they’re mentioned as only being exploited on Intel. Has anyone seen whether that’s because the attacker only targeted that platform or is it actually stopped by something like pointer protection?
justinclift No.42189809
Doesn't seem to completely line up that they're rushing out iOS updates (i.e. for phones, etc.) for something they're saying they've only confirmed on Intel CPUs.

Unless they're assuming it's exploitable on Apple Silicon as well, or are being extra careful just in case.
1. bigiain No.42190448
> Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Is kinda weasel-wordy, if you read it with sufficient cynicism.

It doesn't rule out them also being aware of reports (or actual instances) of it being exploited on iOS or Apple silicon Macs.

It _might_ actually mean "Apple could not deny in a lawsuit that it's been sent a report of this being exploited on Intel Macs."
2. duxup No.42190680
Or they’re just not able to confirm it everywhere but feel the code change is necessary regardless?

I’ve certainly addressed a potential issue with code that I thought might have occurred even when I couldn’t confirm it with 100% certainty.

A detailed analysis / testing and confirmation that provides certainty may take longer than addressing code.

3. brookst No.42190962
If you read it with enough cynicism, it doesn’t rule out Apple having actual knowledge that it was exploited to steal every last bit of information from every Mac, iPhone, iPad, iPod, Apple TV, and Apple II ever produced.
4. kafrofrite No.42191576
Most probably what Apple means is that since their codebase is shared, the vulnerability exists across devices. This does not mean that the vulnerability is actively exploited in iOS nor that it will not be actively exploited as part of some other campaign.