XPost: misc.phone.mobile.iphone   
   From: marianjones@helpfulpeople.com   
      
   Yet another iOS Zero-Day Exploit Chain Apple never caught   
   https://cybersecuritynews.com/ios-zero-day-exploit-chain-leveraged/   
      
   Note that there are so many holes in iOS, that this chain exploited three   
   zero-day holes in a row - which proves Apple is incompetent at QA testing.   
      
   The main reason Apple doesn't catch these is Apple only advertises   
   security. There never was security on an iPhone. It's all propaganda.   
      
   This newly disclosed chain of flaws is a chain of three iOS zero-day   
   vulnerabilities that let attackers go from a single Safari link click to   
   full spyware control of an iPhone.   
      
   Stage 1 - Safari Remote Code Execution   
    Vulnerability: CVE-2023-41993   
    Method: Malicious link opened in Safari   
    Result: Attacker gains arbitrary read/write access inside Safari process   
    Tool: JSKit framework used to run native code   
      
   Stage 2 - Sandbox Escape and Kernel Privilege Escalation   
    Vulnerabilities: CVE-2023-41992 and CVE-2023-41991   
    Method: Exploit breaks out of Safari sandbox   
    Result: Attacker escalates privileges to kernel level   
    Codename: PREYHUNTER   
      
   Stage 3 - Spyware Deployment   
    Payload: Predator spyware modules   
    Components: Helper and Watcher modules   
    Capabilities: Record VoIP calls, capture camera and microphone,   
    log keystrokes, hide notifications   
    Stealth: Stops if security tools or analysis are detected   
      
   Note that the only people who think iOS is secure are people who know   
   nothing, especially since Google proved iOS code has NEVER been tested!   
   --   
   Apple nutcase religious zealot beliefs cannot be supported on facts.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)