XPost: misc.phone.mobile.iphone   
   From: YourName@YourISP.com   
      
   On 2025-12-05 12:44:10 +0000, Brock McNuggets said:   
      
   > On Dec 4, 2025 at 9:47:11 PM MST, "Marian" wrote   
   > <10gto4f$202m$1@nnrp.usenet.blueworldhosting.com>:   
   >   
   >> Yet another iOS Zero-Day Exploit Chain Apple never caught   
   >> https://cybersecuritynews.com/ios-zero-day-exploit-chain-leveraged/   
   >>   
   >> Note that there are so many holes in iOS, that this chain exploited three   
   >> zero-day holes in a row - which proves Apple is incompetent at QA testing.   
   >>   
   >> The main reason Apple doesn't catch these is Apple only advertises   
   >> security. There never was security on an iPhone. It's all propaganda.   
   >>   
   >> This newly disclosed chain of flaws is a chain of three iOS zero-day   
   >> vulnerabilities that let attackers go from a single Safari link click to   
   >> full spyware control of an iPhone.   
   >>   
   >> Stage 1 - Safari Remote Code Execution   
   >> Vulnerability: CVE-2023-41993   
   >> Method: Malicious link opened in Safari   
   >> Result: Attacker gains arbitrary read/write access inside Safari process   
   >> Tool: JSKit framework used to run native code   
   >>   
   >> Stage 2 - Sandbox Escape and Kernel Privilege Escalation   
   >> Vulnerabilities: CVE-2023-41992 and CVE-2023-41991   
   >> Method: Exploit breaks out of Safari sandbox   
   >> Result: Attacker escalates privileges to kernel level   
   >> Codename: PREYHUNTER   
   >>   
   >> Stage 3 - Spyware Deployment   
   >> Payload: Predator spyware modules   
   >> Components: Helper and Watcher modules   
   >> Capabilities: Record VoIP calls, capture camera and microphone,   
   >> log keystrokes, hide notifications   
   >> Stealth: Stops if security tools or analysis are detected   
   >>   
   >> Note that the only people who think iOS is secure are people who know   
   >> nothing, especially since Google proved iOS code has NEVER been tested!   
   >   
   > Yeah, that exploit chain was real — three zero‑days (41993, 41992, 41991)   
   > chained together so a single malicious Safari link could lead to full device   
   > compromise. Predator spyware used it in the wild. Apple patched the issues   
   > once researchers disclosed them.   
   >   
   > But that still doesn’t prove the whole platform is worthless. Every major   
   OS   
   > has zero‑days, including Android and Chrome. What this shows is the   
   obvious:   
   > iOS isn’t magically unbreakable and never has been. Skilled attackers can   
   and   
   > do find holes, and patches matter.   
   >   
   > If you’ve got an argument beyond “Apple is incompetent because   
   zero‑days   
   > exist,” make it. Otherwise you’re just turning normal security research   
   into a   
   > conspiracy theory.   
      
   There's also the fact that 99.9% of these supposed malware problems are   
   theoreticcal and reported by companies who sell anti-malware software   
   ... big surpise, NOT! Almost none have have ever been found on anyone's   
   actual device in the real world, even before being fixed by a security   
   patch.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)