(www.securityweek.com)

262 points fortran77 | 1 comments | 20 Nov 24 00:26 UTC | HN request time: 0.212s | source

Show context

acdha ◴[20 Nov 24 00:43 UTC] No.42189685[source]▶

Interesting that they’re mentioned as only being exploited on Intel. Has anyone seen whether that’s because the attacker only targeted that platform or is it actually stopped by something like pointer protection?

replies(3): >>42189761 #>>42189809 #>>42189932 #

justinclift ◴[20 Nov 24 01:02 UTC] No.42189809[source]▶

>>42189685 #

Doesn't seem to completely line up that they're rushing out iOS updates (ie for phones, etc) for something they're saying they've only confirmed on Intel cpus.

Unless they're assuming it's exploitable on Apple Silicon as well, or are being extra careful just in case.

replies(7): >>42189876 #>>42189883 #>>42190175 #>>42190448 #>>42190733 #>>42190776 #>>42190850 #

bigiain ◴[20 Nov 24 02:56 UTC] No.42190448[source]▶

>>42189809 #

> Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Is kinda weasel-wordy, if you read it with sufficient cynicism.

Its doesn't rule out them also being aware of reports (or actual instances) of it being exploited on iOS or Apple silicon Macs.

It _might_ actually mean "Apple could not deny in a lawsuit that it's been sent a report of this being exploited on Intel Macs."

replies(3): >>42190680 #>>42190962 #>>42191576 #

1. duxup ◴[20 Nov 24 03:50 UTC] No.42190680[source]▶

>>42190448 #

Or they’re just not able to confirm it everywhere but feel the code change is necessary regardless?

I’ve certainly addressed a potential issue with code that I thought might have occurred even when I couldn’t confirm it with 100% certainty.

A detailed analysis / testing and confirmation that provides certainty may take longer than addressing code.

↑

Apple Confirms Zero-Day Attacks Hitting macOS Systems