| Started by | Symon <symon@notice.org> |
|---|---|
| First post | 2025-08-28 10:25 +0200 |
| Last post | 2025-09-10 15:44 +0000 |
| Articles | 12 — 7 participants |
| From | Symon <symon@notice.org> |
|---|---|
| Date | 2025-08-28 10:25 +0200 |
| Subject | Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks |
| Message-ID | <d9131ade72cf3bb031b5a471d45b25f9@dizum.com> |
Use Apple products at your own risk. Don't fall for the Verizon free iPhone on us offer. It's junk.

Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild.

The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300 (CVSS score: 8.8), resides in the ImageIO framework and could result in memory corruption when processing a malicious image.

"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals," the company said in an advisory.

The iPhone maker said the bug was internally discovered and that it was addressed with improved bounds checking. The following versions address the security defect -

iOS 18.6.2 and iPadOS 18.6.2 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

iPadOS 17.7.10 - iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation

macOS Ventura 13.7.8 - Macs running macOS Ventura

macOS Sonoma 14.7.8 - Macs running macOS Sonoma

macOS Sequoia 15.6.1 - Macs running macOS Sequoia

It's currently not known who is behind the attacks and who may have been targeted, but it's likely that the vulnerability has been weaponised as part of highly targeted attacks.

With the latest update, Apple has so far fixed a total of seven zero-days that have been abused in real-world attacks since the start of the year: CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-31201, and CVE-2025-43200.

Last month, the company also issued patches for a Safari vulnerability residing in an open-source component (CVE-2025-6558) that Google reported as having been exploited as a zero-day in the Chrome web browser.

https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html
| From | "Carlos E.R." <robin_listas@es.invalid> |
|---|---|
| Date | 2025-08-28 14:38 +0200 |
| Message-ID | <18v5olxruo.ln2@Telcontar.valinor> |
| In reply to | #197318 |
On 2025-08-28 10:25, Symon wrote:
> Use Apple products at your own risk. Don't fall for the Verizon free
> iPhone on us offer. It's junk.
>
> Apple has released security updates to address a security flaw impacting
> iOS, iPadOS, and macOS that it said has come under active exploitation in
> the wild.

And this affects Windows because...?

-- 
Cheers, Carlos.
| From | WolfFan <akwolffan@zoho.com> |
|---|---|
| Date | 2025-09-05 17:58 -0400 |
| Message-ID | <0001HW.2E6B947804D0A66770000AA7E38F@news.supernews.com> |
| In reply to | #197319 |
On Aug 28, 2025, Carlos E.R. wrote
(in article <18v5olxruo.ln2@Telcontar.valinor>):

> On 2025-08-28 10:25, Symon wrote:
> > Use Apple products at your own risk. Don't fall for the Verizon free
> > iPhone on us offer. It's junk.
> >
> > Apple has released security updates to address a security flaw impacting
> > iOS, iPadOS, and macOS that it said has come under active exploitation in
> > the wild.
>
> And this affects Windows because...?

Arlen has a new gym. Added to the killfile list; Arlen now has sufficient nyms that I’ve re-orged my kf list and given him his very own folder.
| From | Hank Rogers <Hank@nospam.invalid> |
|---|---|
| Date | 2025-09-05 19:03 -0500 |
| Message-ID | <109ftpi$2o1u0$1@dont-email.me> |
| In reply to | #197392 |
WolfFan wrote on 9/5/2025 4:58 PM:
> On Aug 28, 2025, Carlos E.R. wrote
> (in article <18v5olxruo.ln2@Telcontar.valinor>):
>
>> On 2025-08-28 10:25, Symon wrote:
>>> Use Apple products at your own risk. Don't fall for the Verizon free
>>> iPhone on us offer. It's junk.
>>>
>>> Apple has released security updates to address a security flaw impacting
>>> iOS, iPadOS, and macOS that it said has come under active exploitation in
>>> the wild.
>>
>> And this affects Windows because...?
>
> Arlen has a new gym. Added to the killfile list; Arlen now has sufficient
> nyms that I’ve re-orged my kf list and given him his very own folder.
>

At least he has kept the gym open, though I'm not a member and don't work out at arlen's gym. re-orging is always good when you have kf lists. Good luck!
| From | Alan <nuh-uh@nope.com> |
|---|---|
| Date | 2025-08-28 10:20 -0400 |
| Message-ID | <108pok8$1d5gg$1@dont-email.me> |
| In reply to | #197318 |
On 2025-08-28 04:25, Symon wrote:
> Use Apple products at your own risk. Don't fall for the Verizon free
> iPhone on us offer. It's junk.
>
> Apple has released security updates to address a security flaw impacting
> iOS, iPadOS, and macOS that it said has come under active exploitation in
> the wild.

And in other news, Arlen has changed posting nyms again!
| From | Hank Rogers <Hank@nospam.invalid> |
|---|---|
| Date | 2025-08-28 12:44 -0500 |
| Message-ID | <108q4hs$1ggbh$2@dont-email.me> |
| In reply to | #197320 |
Alan wrote on 8/28/2025 9:20 AM:
> On 2025-08-28 04:25, Symon wrote:
>> Use Apple products at your own risk. Don't fall for the Verizon free
>> iPhone on us offer. It's junk.
>>
>> Apple has released security updates to address a security flaw impacting
>> iOS, iPadOS, and macOS that it said has come under active exploitation in
>> the wild.
> And in other news, Arlen has changed posting nyms again!

Oh no, Arlen's on the loose again! Better hop to it boy.
| From | Tom Elam <thomas.e.elam@gmail.com> |
|---|---|
| Date | 2025-09-04 14:12 -0400 |
| Message-ID | <109ckpk$1u39b$1@dont-email.me> |
| In reply to | #197318 |
On 8/28/2025 4:25 AM, Symon wrote:
> Use Apple products at your own risk. Don't fall for the Verizon free
> iPhone on us offer. It's junk.
>
> Apple has released security updates to address a security flaw impacting
> iOS, iPadOS, and macOS that it said has come under active exploitation in
> the wild.
>
> The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300
> (CVSS score: 8.8), resides in the ImageIO framework and could result in
> memory corruption when processing a malicious image.
>
> "Apple is aware of a report that this issue may have been exploited in an
> extremely sophisticated attack against specific targeted individuals," the
> company said in an advisory.
>
> The iPhone maker said the bug was internally discovered and that it was
> addressed with improved bounds checking. The following versions address
> the security defect -
>
> iOS 18.6.2 and iPadOS 18.6.2 - iPhone XS and later, iPad Pro 13-inch, iPad
> Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation
> and later, iPad Air 3rd generation and later, iPad 7th generation and
> later, and iPad mini 5th generation and later
> iPadOS 17.7.10 - iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
> and iPad 6th generation
> macOS Ventura 13.7.8 - Macs running macOS Ventura
> macOS Sonoma 14.7.8 - Macs running macOS Sonoma
> macOS Sequoia 15.6.1 - Macs running macOS Sequoia
> It's currently not known who is behind the attacks and who may have been
> targeted, but it's likely that the vulnerability has been weaponised as
> part of highly targeted attacks.
>
> With the latest update, Apple has so far fixed a total of seven zero-days
> that have been abused in real-world attacks since the start of the year:
> CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-
> 31201, and CVE-2025-43200.
>
> Last month, the company also issued patches for a Safari vulnerability
> residing in an open-source component (CVE-2025-6558) that Google reported
> as having been exploited as a zero-day in the Chrome web browser.
>
> https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-
> day.html
>

You are living in an Android glass house and throwing stones at iOS:

"Google patches two Android zero-days, 120 defects total in September security update. The critical, actively exploited zero-day vulnerabilities affect the Linux kernel and Android runtime."

That is just one update!

https://cyberscoop.com/android-security-update-september-2025/
| From | Jolly Roger <jollyroger@pobox.com> |
|---|---|
| Date | 2025-09-04 20:26 +0000 |
| Message-ID | <mhub0iFtrf5U1@mid.individual.net> |
| In reply to | #197369 |
On 2025-09-04, Tom Elam <thomas.e.elam@gmail.com> wrote:
> On 8/28/2025 4:25 AM, Symon wrote:
>>
>> [a bunch of troll bullshit]
>
> You are living in an Android glass house and throwing stones at iOS:

Juvenile insults and pissing contests are the best this loser has to offer to the world.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
| From | Hank Rogers <Hank@nospam.invalid> |
|---|---|
| Date | 2025-09-04 15:55 -0500 |
| Message-ID | <109cuc8$20m4j$1@dont-email.me> |
| In reply to | #197370 |
Jolly Roger wrote on 9/4/2025 3:26 PM:
> On 2025-09-04, Tom Elam <thomas.e.elam@gmail.com> wrote:
>> On 8/28/2025 4:25 AM, Symon wrote:
>>>
>>> [a bunch of troll bullshit]
>>
>> You are living in an Android glass house and throwing stones at iOS:
>
> Juvenile insults and pissing contests are the best this loser has to
> offer to the world.
>

And you NEVER stoop that low, right jolly?
| From | Jolly Roger <jollyroger@pobox.com> |
|---|---|
| Date | 2025-09-05 16:46 +0000 |
| Message-ID | <mi0if4Fa4rjU1@mid.individual.net> |
| In reply to | #197371 |
On 2025-09-04, Hank Rogers <Hank@nospam.invalid> wrote:
> Jolly Roger wrote on 9/4/2025 3:26 PM:
>> On 2025-09-04, Tom Elam <thomas.e.elam@gmail.com> wrote:
>>> On 8/28/2025 4:25 AM, Symon wrote:
>>>>
>>>> [a bunch of troll bullshit]
>>>
>>> You are living in an Android glass house and throwing stones at iOS:
>>
>> Juvenile insults and pissing contests are the best this loser has to
>> offer to the world.
>
> And you NEVER stoop that low, right jolly?

Only with trolls, and Arlen is King of Loser Trolls. You won't find me slinging insults back at anyone else, since they aren't slinging juvenile insults my way. But you want everyone to ignore that reality, don't you? Because: troll. 😉

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
| From | Tom Elam <thomas.e.elam@gmail.com> |
|---|---|
| Date | 2025-09-09 19:52 -0400 |
| Message-ID | <109qekc$1afo5$1@dont-email.me> |
| In reply to | #197318 |
On 8/28/2025 4:25 AM, Symon wrote:
> Use Apple products at your own risk. Don't fall for the Verizon free
> iPhone on us offer. It's junk.
>
> Apple has released security updates to address a security flaw impacting
> iOS, iPadOS, and macOS that it said has come under active exploitation in
> the wild.
>
> The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300
> (CVSS score: 8.8), resides in the ImageIO framework and could result in
> memory corruption when processing a malicious image.
>
> "Apple is aware of a report that this issue may have been exploited in an
> extremely sophisticated attack against specific targeted individuals," the
> company said in an advisory.
>
> The iPhone maker said the bug was internally discovered and that it was
> addressed with improved bounds checking. The following versions address
> the security defect -
>
> iOS 18.6.2 and iPadOS 18.6.2 - iPhone XS and later, iPad Pro 13-inch, iPad
> Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation
> and later, iPad Air 3rd generation and later, iPad 7th generation and
> later, and iPad mini 5th generation and later
> iPadOS 17.7.10 - iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
> and iPad 6th generation
> macOS Ventura 13.7.8 - Macs running macOS Ventura
> macOS Sonoma 14.7.8 - Macs running macOS Sonoma
> macOS Sequoia 15.6.1 - Macs running macOS Sequoia
> It's currently not known who is behind the attacks and who may have been
> targeted, but it's likely that the vulnerability has been weaponised as
> part of highly targeted attacks.
>
> With the latest update, Apple has so far fixed a total of seven zero-days
> that have been abused in real-world attacks since the start of the year:
> CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-
> 31201, and CVE-2025-43200.
>
> Last month, the company also issued patches for a Safari vulnerability
> residing in an open-source component (CVE-2025-6558) that Google reported
> as having been exploited as a zero-day in the Chrome web browser.
>
> https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-
> day.html
>

I don't see a reply to my post on exploited zero-day Android security flaws.
| From | Jolly Roger <jollyroger@pobox.com> |
|---|---|
| Date | 2025-09-10 15:44 +0000 |
| Message-ID | <midkmsFhectU1@mid.individual.net> |
| In reply to | #197439 |
On 2025-09-09, Tom Elam <thomas.e.elam@gmail.com> wrote:
> On 8/28/2025 4:25 AM, Symon wrote:
>>
>> Use Apple products at your own risk. Don't fall for the Verizon free
>> iPhone on us offer. It's junk.
>
> I don't see a reply to my post on exploited zero-day Android security
> flaws.

Even if he did reply, it'd be full of his usual lies and insults. 😉

Speaking of zero days, did you see that Apple just announced a huge security feature called Memory Integrity Enforcement?

<https://security.apple.com/blog/memory-integrity-enforcement/>

Cool stuff!

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR