328 points jerlam | 4 comments
sunrunner ◴[] No.45270286[source]
> Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Even if there was no mention of this or the implication that it’s linked to the notifications Apple sends for targeted attacks, is it fair to say this kind of backdated security patch implies a lot about the severity of the vulnerability? What’s Apple’s default time frame for security support?

1. giancarlostoro ◴[] No.45270424[source]
One key thing I noticed is this is before iPadOS was a thing, so this patch targets iPads too... Which makes me wonder... this is speculation, no proof, but I wonder if someone is exploiting Point of Sale devices that are powered by old iPads somehow, which is out of the control of a lot of end-users who are at the mercy of the POS vendors who are probably charging an insane premium on them.

I worked at a restaurant chain and I remember it being a whole thing to even consider reworking the POS tables + software due to rising costs.

2. batiudrami ◴[] No.45270559[source]
By the phrasing this is almost certainly a patch for targeted vulnerabilities to install Pegasus or similar.
3. rafram ◴[] No.45270954[source]
Only if you think some state intelligence agency is wasting million-dollar vulnerabilities on a bit of credit card skimming.
4. joshstrange ◴[] No.45270986[source]
I work for a POS company that uses iPads (along with other clients) and I’ve not heard of anything like that. I assume it’s people of interest (journalists, or politicians).

Also my company, as well as at least 1 other I know of that uses iPads, don’t sell the iPads to the stores, they replace or buy their iPads directly from Apple. Smaller places handle it all themselves, larger might use MDM but they are buying them at-cost.

I’m not saying everyone does that, just that I’m not aware of it.