Zero-day means that there were zero days that you could have patched in advance, because the crooks found and started exploiting the bug first, before a patch was available.Īnd RCE means just what it says, namely remote code execution, where the crooks get to run remotely supplied code of their choice, decided at the time you visit their booby-trapped website. Web-based means that the attack can happen right inside your browser, despite all the sandboxing and other protection that is supposed to keep browsing safe. The crooks don’t need to lure you in and then also convince you to download and run a file, or to install a browser plugin, or to enter loads of personal data into an online form you didn’t expect. Shortened into contemporary jargon, that means “ drive-by, web-based zero-day RCE exploit.” Drive-by attacksĭrive-by means that just visiting a website and viewing it is enough to trigger the bug, so you only need to be lured onto a booby-trapped site to take a look. Apple is aware of a report that this issue may have been actively exploited. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. This time, the reason for the latest patches, which apply to macOS, iOS, iPadOS and watchOS, is clear, because four CVE-numbered critical bugs have been squashed, described as follows: Or is the bug so deep and complex that it simply can’t or won’t be fixed and no one is ever going to tell you? Were you wrong, and it wasn’t a bug after all?Īre you being ignored because no one even noticed your report? ![]() As we’ve said before, Apple rarely deviates from this stony-faced silence, which can be annoying when there’s a security problem in Apple’s code that is commonly known and already being discussed widely, yet the company still won’t say whether it’s working on a fix at all.Īfter all, if you’ve reported what you think is a bug but you don’t hear anything more about the issue, it’s hard to know where you stand.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |