XPost: misc.phone.mobile.iphone   
   From: marianjones@helpfulpeople.com   
      
   Marian wrote:   
   > A relevant cite are Google Project Zero's yearly writeups on 0-days   
   > exploited in the wild, where you can see some of that in this overview.   
   > "0day In-The-Wild Exploitation in 2021" by Maddie Stone, Project Zero   
   >    
   >   
   > But I'll quote others even though all of these have been discussed here.   
      
   The Project Zero statement about Apple shipping code that had never been   
   fuzzed comes from their root-cause analysis of iOS WebKit vulnerabilities.   
      
   This source has been cited MANY TIMES in this newsgroup, so it's not the   
   adult thing to do if people on this newsgroup claim it's not a fact simply   
   because they may refuse to click and read and understand what Google found.   
      
   One relevant source is Google Project Zero   
    *Root Cause Analysis: WebKit 0-days*   
       
      
   In that analysis, Project Zero explains that:   
      
   Many WebKit bugs exploited in the wild were "trivially discoverable" by   
   modern fuzzers.   
      
   The vulnerable code paths had never been subjected to coverage-guided   
   fuzzing.   
      
   Apple was repeatedly shipping WebKit code that would have been caught by   
   standard fuzzing techniques used by other vendors.   
      
   The exploited iOS WebKit bugs were in code that would have been found by   
   basic fuzzing, but Apple had not applied those techniques to that code.   
      
   This is just one of many citations we've referred to when we say Project   
   Zero found that Apple shipped unfuzzed code.   
   --   
   Part of being an adult is acting like an adult, where simply claiming all   
   facts we're ignorant of can't possibly exist is not what adults should do.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)