⚠️ Update your iOS devices and Macs, Apple pushed out a security fix that can cause websites to run arbitrary code; this has already been exploited in the wild.
Thomas 🔭🕹️ (thomasfuchs@hachyderm.io)'s status on Saturday, 08-Apr-2023 05:47:00 JST Thomas 🔭🕹️
Thomas 🔭🕹️ (thomasfuchs@hachyderm.io)'s status on Saturday, 08-Apr-2023 05:49:28 JST Thomas 🔭🕹️ CVE numbers and links to Apple's support here: https://hachyderm.io/@bentomn/110159442354770198
Thomas 🔭🕹️ (thomasfuchs@hachyderm.io)'s status on Saturday, 08-Apr-2023 07:06:40 JST Thomas 🔭🕹️ @mjausson yes
Cecilia Mjausson Huster (mjausson@mastodon.design)'s status on Saturday, 08-Apr-2023 07:06:41 JST Cecilia Mjausson Huster @thomasfuchs But a security fix that causes websites to run arbitrary code sounds bad. Is there a negation missing?
Thomas 🔭🕹️ (thomasfuchs@hachyderm.io)'s status on Saturday, 08-Apr-2023 07:06:49 JST Thomas 🔭🕹️ @SpaceLifeForm yes
SpaceLifeForm (spacelifeform@infosec.exchange)'s status on Saturday, 08-Apr-2023 07:06:51 JST SpaceLifeForm You mean a malicious HTML attack exists, right?
Thomas 🔭🕹️ (thomasfuchs@hachyderm.io)'s status on Saturday, 08-Apr-2023 09:42:25 JST Thomas 🔭🕹️ @SpaceLifeForm No, it’s that websites can exploit a WebKit vulnerability and execute arbitrary code on your computer or phone
SpaceLifeForm (spacelifeform@infosec.exchange)'s status on Saturday, 08-Apr-2023 09:42:26 JST SpaceLifeForm What I was inferring, and did not spell it out, is that it is not really the fault of the client, but must be malicious websites.
If the client side can cause the server to execute arbitrary code, then that is a bigger problem.
Because bad actors would never update their attacking platform.