328 points jerlam | 1 comments
sunrunner No.45270286
> Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Even if there was no mention of this or the implication that it’s linked to the notifications Apple sends for targeted attacks, is it fair to say this kind of backdated security patch implies a lot about the severity of the vulnerability? What’s Apple’s default time frame for security support?

1. zomiaen No.45270338
Almost certainly some kind of zero click/zero user action RCE exploit.

Edit: I should've read, "Impact: Processing a malicious image file may result in memory corruption."

So simply receiving an image via SMS or loading it in some other way likely accomplishes the initial exploit, so yeah, zero click exploit. Always bad.