(www.securityweek.com)

262 points fortran77 | 2 comments | 20 Nov 24 00:26 UTC | HN request time: 0.7s | source

Show context

acdha ◴[20 Nov 24 00:43 UTC] No.42189685[source]▶

Interesting that they’re mentioned as only being exploited on Intel. Has anyone seen whether that’s because the attacker only targeted that platform or is it actually stopped by something like pointer protection?

replies(3): >>42189761 #>>42189809 #>>42189932 #

justinclift ◴[20 Nov 24 01:02 UTC] No.42189809[source]▶

>>42189685 #

Doesn't seem to completely line up that they're rushing out iOS updates (ie for phones, etc) for something they're saying they've only confirmed on Intel cpus.

Unless they're assuming it's exploitable on Apple Silicon as well, or are being extra careful just in case.

replies(7): >>42189876 #>>42189883 #>>42190175 #>>42190448 #>>42190733 #>>42190776 #>>42190850 #

oddevan ◴[20 Nov 24 01:17 UTC] No.42189883[source]▶

>>42189809 #

> Unless they're... being extra careful just in case.

That's where my money is.

replies(2): >>42190127 #>>42190431 #

ajross ◴[20 Nov 24 01:54 UTC] No.42190127[source]▶

>>42189883 #

Or they just don't know. Full analysis of an exploit usually takes days to weeks. It's possible it's only exploitable on x86, but equally possible that only the x86 version of the payload was discovered in the wild.

replies(1): >>42190542 #

1. 486sx33 ◴[20 Nov 24 03:16 UTC] No.42190542[source]▶

>>42190127 #

Rosetta2 runs an x86 exploit? Doesn’t explain iOS but still sounds interesting!

replies(1): >>42191707 #

2. ◴[20 Nov 24 08:03 UTC] No.42191707[source]▶

>>42190542 (TP) #

↑

Apple Confirms Zero-Day Attacks Hitting macOS Systems