home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.sys.mac.advocacy      Steve Jobs fetishistic worship forum      120,746 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 119,410 of 120,746   
   Marian to Marian   
   Re: What did Google's project zero reall   
   22 Dec 25 11:57:55   
   
   XPost: misc.phone.mobile.iphone   
   From: marianjones@helpfulpeople.com   
      
   Marian wrote:   
   > The fact that these bugs survived into production strongly implies that the   
   > affected code had never been fuzzed nor systematically tested with modern   
   > techniques.   
      
   Chris, those were the same references you've been given many times.   
      
   For you to claim "cite please" when you've been given them many times,   
   is not conducive to an adult discussion of what Google said about iOS.   
      
   It's not what adults (should) do.   
      
   Those are just some of the actual references you've been provided.   
   These are not opinions, and they are not blog gossip.   
      
   They are Google Project Zero's own technical analyses of iOS 0-days   
   exploited in the wild.   
      
   Project Zero, "A Very Deep Dive Into iOS Exploit Chains Found in the Wild"   
       
      
     This report shows that multiple iOS exploit chains worked across   
     many iOS versions because the vulnerable code had never been subjected   
     to systematic testing. The bugs were simple logic and memory-safety   
     errors that persisted for years. Project Zero notes that these bugs   
     were shallow, easy to reach, and exactly the kind of issues that   
     modern fuzzing and automated testing would have caught early.   
      
   Project Zero, "Root Cause Analysis: WebKit 0-days"   
       
      
    This analysis explains that many WebKit vulnerabilities exploited   
    in the wild were trivially discoverable by modern coverage-guided   
    fuzzers. Project Zero states that the presence of these bugs in   
    production strongly suggests that the affected WebKit components   
    had not been fuzzed or tested with modern techniques before shipping.   
      
   CyberScoop summary of the Project Zero findings   
       
      
    This article summarizes the Project Zero conclusion that Apple   
    shipped large portions of iOS code that had never been subjected   
    to modern security testing. It is a secondary source, but it   
    accurately reflects the technical findings in the two Project   
    Zero reports above.   
      
   The accurate summary statement is:   
    Project Zero demonstrated that multiple iOS components, including   
    WebKit, contained simple, shallow, trivially fuzzable bugs that   
    survived across many iOS releases. The only reasonable technical   
    conclusion is that these parts of iOS had never been fuzzed or   
    systematically tested with modern techniques before being shipped.   
   --   
   If all people do is deny the facts, and require the facts to be cited   
   over and over again, and yet they don't read them, but still deny them,   
   then no adult conversaion will be possible with those kinds of people.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca