home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.sys.mac.advocacy      Steve Jobs fetishistic worship forum      120,746 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 119,409 of 120,746   
   Marian to Marian   
   Re: What did Google's project zero reall   
   22 Dec 25 11:51:47   
   
   XPost: misc.phone.mobile.iphone   
   From: marianjones@helpfulpeople.com   
      
   Marian wrote:   
   > The relevant page is:   
   >     
   >   
   > Google's Project Zero technical conclusion is unambiguous in that the   
   > exploited WebKit bugs were the type that standard fuzzing would have   
   > caught, and the presence of these bugs in production strongly implies that   
   > the iOS code had never been fuzzed nor tested with modern techniques.   
      
   This CyberScoop article summarizes Project Zero's technical findings about   
   a specific class of iOS/WebKit vulnerabilities which were exploited.   
       
      
   The underlying research showed that:   
    a. Several iOS 0-day bugs exploited in the wild were   
       simple memory-safety bugs.   
    b. These bugs were shallow, easy to reach, and exactly   
       the kind of issues that modern fuzzers catch quickly.   
      
   The fact that these bugs survived into production strongly implies that the   
   affected code had never been fuzzed nor systematically tested with modern   
   techniques.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca