←back to thread

Apple Confirms Zero-Day Attacks Hitting macOS Systems

(www.securityweek.com)
262 points fortran77 | 1 comments | 20 Nov 24 00:26 UTC | HN request time: 0.209s | source
Show context
acdha ◴[20 Nov 24 00:43 UTC] No.42189685[source]
Interesting that they’re mentioned as only being exploited on Intel. Has anyone seen whether that’s because the attacker only targeted that platform or is it actually stopped by something like pointer protection?
replies(3): >>42189761 #>>42189809 #>>42189932 #
justinclift ◴[20 Nov 24 01:02 UTC] No.42189809[source]
Doesn't seem to completely line up that they're rushing out iOS updates (ie for phones, etc) for something they're saying they've only confirmed on Intel cpus.

Unless they're assuming it's exploitable on Apple Silicon as well, or are being extra careful just in case.

replies(7): >>42189876 #>>42189883 #>>42190175 #>>42190448 #>>42190733 #>>42190776 #>>42190850 #
bigiain ◴[20 Nov 24 02:56 UTC] No.42190448[source]
> Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Is kinda weasel-wordy, if you read it with sufficient cynicism.

Its doesn't rule out them also being aware of reports (or actual instances) of it being exploited on iOS or Apple silicon Macs.

It _might_ actually mean "Apple could not deny in a lawsuit that it's been sent a report of this being exploited on Intel Macs."

replies(3): >>42190680 #>>42190962 #>>42191576 #
1. kafrofrite ◴[20 Nov 24 07:36 UTC] No.42191576[source]
Most probably what Apple means is that since their codebase is shared, the vulnerability exists across devices. This does not mean that the vulnerability is actively exploited in iOS nor that it will not be actively exploited as part of some other campaign.