
iPhone: a zero-day vulnerability allows spying on your personal data


Arlen Holder

May 6, 2020, 11:04:35 PM
iPhone, iPad (plus MacOS tools, on github)

Verbatim:
o *iPhone: a zero-day vulnerability allows spying on your personal data*
<https://www.gizchina.com/2020/05/06/iphone-a-zero-day-vulnerability-allows-spying-on-your-personal-data/>
"This affects the latest iOS version 13.4.1."

"After a serious mail vulnerability, a new zero-day vulnerability
has appeared in iOS and iPadOS. Apple is again struggling with a
zero-day bug"

"users' personal data can be hacked due to a bug in reading XML files.
It allows hackers to bypass certain security checks before publication
on the App Store. This enables applications to have unlimited
privileges."

"the bug will be eliminated with the upcoming iOS 13.5 update"

"At the time of writing, this bug is still present on the latest
non-beta version of iOS."

The article published notes said to be from the hacker...

"*Well over 3 years since discovery* is not half bad for such a bug,
but I sure would've loved to keep it another decade or two,
and I know I'll dearly miss it in the time to come."

"We can also ask ourselves *how a bug like that could ever exist*.
Why there are 4 different plist parsers on iOS.
Why we are still using XML even."

See also these tools, also available on MacOS:
o AMFI/amfid entitlements check bypass, iOS sandbox escape.
<https://github.com/Siguza/psychicpaper>
"This repo also contains a tool I called plparse, that can be used
to invoke three different XML/plist parsers present on macOS & iOS."
--
Bringing TRUTH to Apple newsgroup via verbatim application of simple facts.

joe

May 9, 2020, 11:34:01 AM
is this fixed yet?

nospam

May 9, 2020, 11:58:12 AM
In article <r96ih6$1dv5$1...@esteban.tulanet.com>, joe
<nos...@nospam.invalid> wrote:

>
> is this fixed yet?

yes

Arlen Holder

May 10, 2020, 5:15:41 PM
In response to what nospam <nos...@nospam.invalid> wrote :

>> is this fixed yet?
>
> yes

It's shocking how little apologists care of their credibility.
o It's why I assess that none of them can possibly be well educated.

They're all fantastically incapable of assessing even simple facts...
o Which, after all, is what makes them apologists.

Likely, it's why they gravitate to extremely highly marketed product.
o They're desperate to _believe_ what MARKETING is glad to feed them.

And yet, the facts remain...

FACT:
"*This 0-day vulnerability affects the latest iOS version 13.4.1*"
FACT:
"*This enables applications to have unlimited privileges*"
FACT:
"*the bug will be eliminated with the upcoming iOS 13.5 update*"

FACT:
Current version 13.4.1, build 17E262 (17E8258 for the 2nd-gen SE)
o Beta version 13.5 Beta 4, build 17F5065a

ASSESSMENT:
o Most likely, this is fixed in the beta, but not the current release.

REFERENCE:
<https://www.gizchina.com/2020/05/06/iphone-a-zero-day-vulnerability-allows-spying-on-your-personal-data/>
--
The apologists are unlike normal adults when it comes to actual facts.