←back to thread

265 points fortran77 | 1 comments | | HN request time: 0.201s | source
Show context
TekMol ◴[] No.42191458[source]
The article sounds like it also applies to iOS

    The company urged users across the Apple
    ecosystem to apply the urgent iOS 18.1.1,
    macOS Sequoia 15.1.1 and the older iOS 17.7.2.
And that it is web based

    maliciously crafted web content may lead
    to arbitrary code execution
Has this happened before? That iPhones had a security hole that could be exploited over the web?
replies(5): >>42191532 #>>42191533 #>>42191570 #>>42191597 #>>42192845 #
e28eta ◴[] No.42191532[source]
Absolutely. I don’t follow the scene, but early in the iphone’s product life I distinctly remember a web-based jailbreak, where you loaded a page and then you could ‘slide to jailbreak’. I don’t know if user action was strictly required, or if it was a UX thing.
replies(1): >>42192094 #
TekMol ◴[] No.42192094[source]
Shouldn't that lead to a massive amount of iPhones being broken into?

If not, why?

If so, what happened to all those phones?

I never hear stories like "My iPhone was broken into and this happened: ..."

replies(4): >>42192219 #>>42192481 #>>42192531 #>>42192745 #
pwagland ◴[] No.42192745[source]
Because most people apply the software updates at some point, and this was fixed many years ago. Everything sold in the last years comes with a version of iOS that isn't vulnerable anymore.
replies(1): >>42212805 #
1. hulitu ◴[] No.42212805[source]
> Everything sold in the last years comes with a version of iOS that isn't vulnerable anymore.

Famous last words. (as far as i know they don't release just security patches for iOS, iOS patches introduce also new features, thus increasing the probability of new bugs).

My impression is that Apple fixes the majority of zero days _after_ they become public.