iOS 17.0.3 has dropped

Time for the resident troll to circle jerk with his sock drawer.

You hate me, Hemidactyulus... *because you fear me*.

LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL

Alan Browne

2023-10-04 21:41:31 UTC

Post by Alan

Time for the resident troll to circle jerk with his sock drawer.

You hate me, Hemidactyulus... *because you fear me*.

Not nearly enough LOL's. Do try harder.

--
“Markets can remain irrational longer than your can remain solvent.”
- John Maynard Keynes.

Wally J

2023-10-04 22:49:27 UTC

Post by Alan Browne
Not nearly enough LOL's. Do try harder.

It's no longer shocking how much you ignorant iKooks fear the truth.

Did you know what else is in this 17.0.3 release?
It's big.

Really big.

Hint: No smartphone OS is anywhere nearly as insecure as iOS is.
(hackers don't even need to be within a thousand miles of your phone to
completely and fully take it over any time they want to - for years!)

*Hemidactylus*

2023-10-04 23:02:13 UTC

Post by Alan Browne
Not nearly enough LOL's. Do try harder.

It's no longer shocking how much you ignorant iKooks fear the truth.
Did you know what else is in this 17.0.3 release?
It's big.
Really big.
Hint: No smartphone OS is anywhere nearly as insecure as iOS is.
(hackers don't even need to be within a thousand miles of your phone to
completely and fully take it over any time they want to - for years!)

Elmer FUD.

Dorper

2023-10-04 23:35:56 UTC

Post by Wally J
hackers don't even need to be within a thousand miles of your phone to
completely and fully take it over any time they want to - for years!
A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS

before iOS 16.6.

Wally would you mind explaining what the word "local" means?

Wally J

2023-10-05 01:21:02 UTC

Post by Wally J
hackers don't even need to be within a thousand miles of your phone to
completely and fully take it over any time they want to - for years!
A local attacker may be able to elevate their privileges.
Apple is aware of a report that this issue may have been actively
exploited against versions of iOS before iOS 16.6.

Wally would you mind explaining what the word "local" means?

You're right! I made a minor mistake - but it's a mistake nonetheless.
And you caught it.

Thanks for pointing that out.

Wow. An intelligent person on the Apple newsgroup.
Now that's a shock.

I'm not used to people like you on the Apple newsgroups, Dorper.
"The zero-day (CVE-2023-42824) is caused by a weakness discovered
in the XNU kernel that enables *local* attackers to escalate
privileges on unpatched iPhones and iPads."

"The list of impacted devices is quite extensive, and it includes:
iPhone XS and later, plus
iPad Pro 12.9-inch 2nd generation and later, plus
iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, plus
iPad Air 3rd generation and later, plus
iPad 6th generation and later, plus
and iPad mini 5th generation and later"

Kudos to you for being able to comprehend at the adult detail level!
(All the iKooks ever do is deny every fact about Apple ever existing.)
<https://www.bleepingcomputer.com/news/apple/apple-emergency-update-fixes-new-zero-day-used-to-hack-iphones/>

I agree with you (as I never disagree with any sensible statement).
<https://support.apple.com/en-us/HT213961>

You're completely correct that I was referring to the long-exploited
security hole in iOS before 16.6 to now - which was a "local" exploit!

Everything I said was correct _except_ for the thousand miles in
that one case - but let's look at the other zero-days in this release.
libvpx 1.13.1 [CVE-2023-5217]
"Apple also addressed a zero-day tracked as CVE-2023-5217
and caused by a heap buffer overflow weakness in the VP8 encoding
of the open-source libvpx video codec library."

Notice iOS has two to three times the number of zero-day holes than
does Android - and more than ten times the active exploits...
"17 zero-days exploited in attacks fixed this year"

Where the main reason iOS is so incredibly insecure is mostly due to
the primitive monolithic release mechanism that only Apple uses.

Nobody. Nobody at all. Nobody else who makes an OS uses the primitive
monolithic system that Apple uses - and all support more than 1 release!

Because of that, Apple will _always_ have the least secure devices
(because it gives attackers tons & tons of time to attack - that's why).

--
My job on the child-like Apple newsgroups is to bring up the truth
and to show the ignorant low-IQ uneducated iKooks for what they are.

Wally J

2023-10-05 01:31:36 UTC

Post by Wally J
Wow. An intelligent person on the Apple newsgroup.
Now that's a shock.
I'm not used to people like you on the Apple newsgroups, Dorper.
"The zero-day (CVE-2023-42824) is caused by a weakness discovered
in the XNU kernel that enables *local* attackers to escalate
privileges on unpatched iPhones and iPads."

Since I almost never make a mistake in facts (it's almost unheard of),
I instantly updated the canonical thread - kindly opened by badgolferman.

*Updating the "wrong - by badgolferman" thread from May 29, 2019*
<https://groups.google.com/g/misc.phone.mobile.iphone/c/Pg9fi_sV3CU/m/Rmw_xq74CQAJ>

Since I'm an extremely well educated sensibly logical adult, I back up
my statements with cites and references as I try to speak only facts.

Lambaste me if I ever disagree with a fact - only fools disagree with facts
- that's _why_ they are fools - and likewise you can deprecate me if I ever
disagree with a sensible logical statement which is an assessment of facts.

Only fools (or iKooks) do that (e.g., Alan Browne's "What walled garden?").
Not extremely well-educated rather intelligent sensibly logical adults.
Which I am.

--
My job on the child-like Apple newsgroups is to bring up the truth
and to show the ignorant low-IQ uneducated iKooks for what they are.

Jolly Roger

2023-10-05 01:43:42 UTC

Post by Wally J
I almost never make a mistake in facts (it's almost unheard of)
I'm an extremely well educated sensibly logical adult
I try to speak only facts
Not extremely well-educated rather intelligent sensibly logical adults.
Which I am.

The lady doth protest too much, me thinks. 🙂

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Wally J

2023-10-05 02:27:13 UTC

Post by Jolly Roger
The lady doth protest

Will you ever post a comment that is befitting an adult, Jolly Roger?

Jolly Roger

2023-10-05 02:28:26 UTC

Post by Jolly Roger
The lady doth protest

Blah blah blah blah

"WAHHHHH!!!! He huwt my feewings!" 🤣

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Wally J

2023-10-05 17:30:25 UTC

Blah blah blah blah

"WAHHHHH!!!! He huwt my feewings!"

Such an adult these iKooks like Jolly Roger are...

What's no longer shocking is how deathly afraid iKooks are of facts.

Jolly Roger

2023-10-05 23:37:41 UTC

Blah blah blah blah

"WAHHHHH!!!! He huwt my feewings!"

Such an adult these iKooks like Jolly Roger are...
What's no longer shocking is how deathly afraid iKooks are of facts.

Cry harder, weakling. 🤣

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Dorper

2023-10-05 01:38:01 UTC

Post by Wally J
Everything I said was correct _except_ for the thousand miles in
that one case - but let's look at the other zero-days in this release.
libvpx 1.13.1 [CVE-2023-5217]
"Apple also addressed a zero-day tracked as CVE-2023-5217
and caused by a heap buffer overflow weakness in the VP8 encoding
of the open-source libvpx video codec library."

I wonder who makes libvpx... Could it be Google? Oh it is Google! I wonder
what contains libvpx as a dependency, oh it's Chrome!
https://www.rezilion.com/blog/the-cve-2023-5217-deja-vu-another-actively-
exploited-chrome-vulnerability-affecting-a-webm-project-library-libvpx/
You know, the web browser that ships with every Android phone.

Post by Wally J
Notice iOS has two to three times the number of zero-day holes than
does Android - and more than ten times the active exploits...
"17 zero-days exploited in attacks fixed this year"

The term zero-day doesn't mean anything. Any security flaw that isn't
intentionally put in there is a zero-day. You can go check the NVD and you
will see that the # of CVEs for Android is higher than the # of CVEs for iOS.
I don't know where you are getting this "3x" number from.

Jolly Roger

2023-10-05 01:40:57 UTC

Everything I said was correct _except_ for the thousand miles in that
one case - but let's look at the other zero-days in this release.
libvpx 1.13.1 [CVE-2023-5217] "Apple also addressed a zero-day
tracked as CVE-2023-5217 and caused by a heap buffer overflow
weakness in the VP8 encoding of the open-source libvpx video codec
library."

I wonder who makes libvpx... Could it be Google? Oh it is Google! I
wonder what contains libvpx as a dependency, oh it's Chrome!
https://www.rezilion.com/blog/the-cve-2023-5217-deja-vu-another-actively-
exploited-chrome-vulnerability-affecting-a-webm-project-library-libvpx/
You know, the web browser that ships with every Android phone.

LOL! Arlen is such a clown. 🤣

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Wally J

2023-10-05 02:26:16 UTC

Post by Jolly Roger
such a clown

Have you ever posted something that an adult would be proud of, JR?

While Dorper is confused about the difference between a zero-day bug and a
regular bug - you have added absolutely no value to this thread topic.

In fact, your childish comments are of uneducated low-IQ negative value.

Jolly Roger

2023-10-05 02:27:31 UTC

Post by Jolly Roger
such a clown

Blah blah blah blah

Cry harder, Arlen.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Wally J

2023-10-05 17:32:10 UTC

Post by Jolly Roger
such a clown

Blah blah blah blah

Cry harder, Arlen.

It's no longer shocking that the iKooks revert to instant kindergarten when
they can't come up with any more excuses for facts about Apple's products.

Jolly Roger

2023-10-05 23:38:47 UTC

Post by Jolly Roger
such a clown

Blah blah blah blah

Cry harder, Arlen.

It's no longer shocking that the iKooks blah blah blah

It's no longer shocking that Arlen still can't provide a source for his
made-up words he attributes to Apple. Arlen is ever the shit-talking
child.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Alan

2023-10-05 02:45:35 UTC

Post by Jolly Roger
such a clown

Have you ever posted something that an adult would be proud of, JR?
While Dorper is confused about the difference between a zero-day bug and a
regular bug - you have added absolutely no value to this thread topic.
In fact, your childish comments are of uneducated low-IQ negative value.

Have you ever posted anything that doesn't warrant a good slap if you
said it face to face?

Alan

2023-10-05 01:50:43 UTC

Post by Wally J
Notice iOS has two to three times the number of zero-day holes than
does Android - and more than ten times the active exploits...
"17 zero-days exploited in attacks fixed this year"

His very fertile, Apple-hating imagination of course!

Wally J

2023-10-05 02:22:31 UTC

Post by Dorper
I wonder who makes libvpx... Could it be Google? Oh it is Google! I wonder
what contains libvpx as a dependency, oh it's Chrome!
https://www.rezilion.com/blog/the-cve-2023-5217-deja-vu-another-actively-
exploited-chrome-vulnerability-affecting-a-webm-project-library-libvpx/
You know, the web browser that ships with every Android phone.

Doesn't matter to my point which is that iOS had the zero-day hole
which Apple didn't know about until someone else (Google it was!)
told Apple about it.

The point is not any one hole but the fact Apple has two to three times the
zero-day holes for mainly one reason and mainly that one reason alone.

Do you know why Apple has two to three times the zero-day holes Dorper?
I do.

Post by Wally J
Notice iOS has two to three times the number of zero-day holes than
does Android - and more than ten times the active exploits...
"17 zero-days exploited in attacks fixed this year"

The term zero-day doesn't mean anything.

WTF? It means it was completely unknown to Apple at the time it was
reported to Apple - which - by definition - means Apple didn't find it.

If we look at the number of zero-day holes for iOS this year, it's 17.
Compare that to the zero-day holes in Android, Dorper.

And then tell me why Apple's iOS zero-day holes are so much higher?

HINT: Think about the primitive release mechanism that only iOS uses.

Post by Dorper
Any security flaw that isn't intentionally put in there is a zero-day.

This is wrong. No wonder you don't understand a word I've been saying.
If Apple _finds_ the bug, it's _not_ a zero-day bug, Dorper.

That's the whole point of being "day zero" for God's sake.
You need to understand that if you're going to dispute facts about Apple.

Before you respond to my adult intelligently written post, please do this.
<https://duckduckgo.com/?&q=what+is+a+zero-day+bug>

Pick any one of the results & _read_ it before you respond further to me.
<https://en.wikipedia.org/wiki/Zero-day_(computing)>
<https://www.csoonline.com/article/565704/zero-days-explained-how-unknown-vulnerabilities-become-gateways-for-attackers.html>

The *most important* attribute of those zero-day holes in iOS is that
those zero days are never caught by Apple by definition - all 17 of the
zero-day holes this year in iOS were _told_ to Apple by other people.

That's how zero day holes work.
That means "someone else" caught them first.

What it means is hackers have more time to exploit them as they're not just
"regular bugs" that Apple catches in the normal Apple QA testing process.

Post by Dorper
You can go check the NVD and you
will see that the # of CVEs for Android is higher than the # of CVEs for iOS.
I don't know where you are getting this "3x" number from.

Keep in mind the difference between a bug and a zero-day bug.
They're not the same as what matters is who caught them first.
Insiders or outsiders.

When outsiders catch them - that's really bad.
And Apple has two to three times the bugs that Apple doesn't catch.

Outsiders do.
And that's bad.

Because that's why iOS is exploited more than ten times that of Android.

Jolly Roger

2023-10-05 02:29:34 UTC

Doesn't matter

Yes, yes, it "doesn't matter" that Google *CREATED* the zero day! 🤣

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

candycanearter07

2023-10-05 02:43:38 UTC

Post by Jolly Roger
Yes, yes, it "doesn't matter" that Google *CREATED* the zero day! 🤣

But how fast will the fix be implemented in Google products vs Apple?

--
user <candycane> is generated from /dev/urandom

Jolly Roger

2023-10-05 02:49:23 UTC

Post by candycanearter07

Post by Jolly Roger
Yes, yes, it "doesn't matter" that Google *CREATED* the zero day! 🤣

But how fast will the fix be implemented in Google products vs Apple?

Try to pay attention. It was patched by Apple in iOS 17.03, which is
what this entire thread is about:

<https://support.apple.com/en-us/HT213961>

Were you born slow, or is this just a recent thing? It's no wonder you
gleefully fall for the troll gang's bullshit here.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

candycanearter07

2023-10-05 02:41:48 UTC

Post by Wally J
WTF? It means it was completely unknown to Apple at the time it was
reported to Apple - which - by definition - means Apple didn't find it.
This is wrong. No wonder you don't understand a word I've been saying.
If Apple _finds_ the bug, it's _not_ a zero-day bug, Dorper.
That's how zero day holes work.
That means "someone else" caught them first.

That makes a lot more sense when put that way, Ty

--
user <candycane> is generated from /dev/urandom

Wally J

2023-10-05 03:00:42 UTC

Post by candycanearter07

Post by Wally J
This is wrong. No wonder you don't understand a word I've been saying.
If Apple _finds_ the bug, it's _not_ a zero-day bug, Dorper.
That's how zero day holes work.
That means "someone else" caught them first.

That makes a lot more sense when put that way, Ty

Thanks for appreciating the simple distinction for what a zero-day is.

Having worked in software for many decades, I'm well aware of how a
zero-day hole differs from a regular bug - but when I looked up a reference
for Dorper - I was chagrined to see they don't explain it well (IMHO).

It's a simple as what I said - which is it's a hole someone else found
(which means they got the jump on Apple twice as often as with Android).

I'm sure the iKooks who are always uneducated and ignorant about everything
(hell, they still think Apple fully patches more than a single release!),
will quibble about the definition but look at what it says here...
<https://en.wikipedia.org/wiki/Zero-day_(computing)>

The first sentence says what I said, only a bit more convolutedly so:
"A zero-day (also known as a 0-day) is a vulnerability in a
computer system that was previously unknown to its developers
or anyone capable of mitigating it."

In this case, the bug is known to "someone" well before Apple has a clue.
That's bad.

What's worse is iOS has two to three times these as does Android.
That's really bad.

Look at this definition, which again doesn't say it as simply as I do
(but I've worked with complex software for decades so I know what it is).
<https://www.csoonline.com/article/565704/zero-days-explained-how-unknown-vulnerabilities-become-gateways-for-attackers.html>

Again, it shows that "someone" knows about it before Apple does.
"Borrowed into the world of cybersecurity, the name evokes a scenario
where an attacker has gotten the jump on a software vendor,
implementing attacks that exploit the flaw before the good guys
of infosec are able to respond."

I think Dorper is NOT an ignorant uneducated low-IQ person.
I think he's probably normal in terms of intelligence & cognizance.

So I was wondering _why_ Dorper wasn't aware that iOS always has two
to three times the number of zero-day holes than does Android.

It turns out Dorper wasn't aware of what a zero-day hole is.
And that's fine.

Ignorance can be (easily) cured (so I'm not worried about Dorper).
It's stupidity that can't be cured (e.g., the IQ of all of the iKooks).

The two questions I'd like to ask Dorper why he thinks are happening are
1. Why is iOS historically two to three times worse in zero-day holes?
2. Why is iOS historically always exploited around ten times more?

Bear in mind I think I know exactly why - and it's two different answers.
Where both have a lot to do with how Apple builds, tests & releases iOS.

--
If you're unaware of how differently Apple builds, tests and releases iOS,
then you'll never be able to understand why iOS is so vastly more insecure.

Dorper

2023-10-05 03:17:45 UTC

(words words words)

A list of vulns that had to be patched in JUST the last month in Android:

CVE-2023-21266
A-223376078
(https://android.googlesource.com/platform/frameworks/base/+/5b7edbf2ba076b040
00eb5d27101927eeb609c26)
EoP
High
11, 12, 12L, 13

CVE-2023-40116
A-270368476
(https://android.googlesource.com/platform/frameworks/base/+/18c3b194642f3949d
09e48c21da5658fa04994c8) [2
(https://android.googlesource.com/platform/frameworks/base/+/18c3b194642f3949d
09e48c21da5658fa04994c8)]
EoP
High
11, 12, 12L

CVE-2023-40120
A-274775190
(https://android.googlesource.com/platform/frameworks/base/+/d26544e5a4fd554b7
90b4d0c5964d9e95d9e626b)
EoP
High
11, 12, 12L, 13

CVE-2023-40131
A-282919145
(https://android.googlesource.com/platform/frameworks/native/+/0cda11569dd256f
f3220b4fe44f861f8081d7116)
EoP
High
12, 12L, 13

CVE-2023-40140
A-274058082
(https://android.googlesource.com/platform/frameworks/base/+/2d88a5c481df8986d
bba2e02c5bf82f105b36243)
EoP
High
11, 12, 12L, 13

CVE-2023-21291
A-277593270
(https://android.googlesource.com/platform/frameworks/base/+/cb6282e8970f4c9db
5497889699e68fb2038566e)
ID
High
11, 12, 12L, 13

CVE-2023-40121
A-224771621
(https://android.googlesource.com/platform/frameworks/base/+/3287ac2d2565dc96b
f6177967f8e3aed33954253)
ID
High
11, 12, 12L, 13

CVE-2023-40134
A-283101289
(https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c55
29115cc1a1e0c97cd503f33)
ID
High
12, 12L, 13

CVE-2023-40136
A-281666022
(https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c55
29115cc1a1e0c97cd503f33)
ID
High
11, 12, 12L, 13

CVE-2023-40137
A-281665050
(https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c55
29115cc1a1e0c97cd503f33)
ID
High
11, 12, 12L, 13

CVE-2023-40138
A-281534749
(https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c55
29115cc1a1e0c97cd503f33)
ID
High
11, 12, 12L, 13

CVE-2023-40139
A-281533566
(https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c55
29115cc1a1e0c97cd503f33)
ID
High
11, 12, 12L, 13

CVE-2023-40129
A-273874525
(https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c0151a
a3ba76c785b32c7f9d16c98febe53017b1)
RCE
Critical
12, 12L, 13

CVE-2023-21244
A-276729064
(https://android.googlesource.com/platform/frameworks/base/+/3a448067ac9ebdf66
9951e90678c2daa592a81d3) [2
(https://android.googlesource.com/platform/frameworks/base/+/20aedba4998373add
c2befcc455a118585559fef)] [3
(https://android.googlesource.com/platform/frameworks/base/+/5a3d0c131175d923c
f35c7beb3ee77a9e6485dad)]
EoP
High
11, 12, 12L, 13

CVE-2023-40117
A-253043065
(https://android.googlesource.com/platform/packages/apps/Settings/+/11815817de
2f2d70fe842b108356a1bc75d44ffb) [2
(https://android.googlesource.com/platform/frameworks/base/+/ff86ff28cf82124f8
e65833a2dd8c319aea08945)]
EoP
High
11, 12, 12L, 13

CVE-2023-40125
A-279902472
(https://android.googlesource.com/platform/packages/apps/Settings/+/63d464c3fa
5c7b9900448fef3844790756e557eb)
EoP
High
11, 12, 12L, 13

CVE-2023-40128
A-274231102
(https://android.googlesource.com/platform/external/libxml2/+/1ccf89b87a3969ed
d56956e2d447f896037c8be7)
EoP
High
11, 12, 12L, 13

CVE-2023-40130
A-289809991
(https://android.googlesource.com/platform/packages/services/Telecomm/+/5b3354
01d1c8de7d1c85f4a0cf353f7f9fc30218)
EoP
High
11, 12, 12L, 13

CVE-2023-40123
A-278246904
(https://android.googlesource.com/platform/frameworks/base/+/7212a4bec2d2f1a74
fa54a12a04255d6a183baa9)
ID
High
11, 12, 12L, 13

CVE-2023-40127
A-262244882
(https://android.googlesource.com/platform/packages/providers/MediaProvider/+/
747431250612507e8289ae8eb1a56303e79ab678)
ID
High
11, 12, 12L, 13

CVE-2023-40133
A-283264674
(https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c55
29115cc1a1e0c97cd503f33)
ID
High
11, 12, 12L, 13

CVE-2023-40135
A-281848557
(https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c55
29115cc1a1e0c97cd503f33)
ID
High
11, 12, 12L, 13

CVE-2023-21252
A-275339978
(https://android.googlesource.com/platform/packages/modules/Wifi/+/044ab068415
3c4effb9f4fda47df43ccdc77bda8) [2
(https://android.googlesource.com/platform/packages/modules/Wifi/+/50b08ee30e0
4d185e5ae97a5f717d436fd5a90f3)]
DoS
High
11, 12, 12L, 13

CVE-2023-21253
A-266580022
(https://android.googlesource.com/platform/frameworks/base/+/84df68840b6f24071
46e722ebd95a7d8bc6e3529) [2
(https://android.googlesource.com/platform/tools/apksig/+/039f815895f62c9f8af2
3df66622b66246f3f61e)] [3
(https://android.googlesource.com/platform/tools/apksig/+/41d882324288085fd32a
e0bb70dc85f5fd0e2be7)]
DoS
High
11, 12, 12L, 13

MediaProvider
CVE-2023-40127

WiFi
CVE-2023-21252

CVE-2021-44828
A-296461583 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Mali

CVE-2022-28348
A-296463357 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Mali

CVE-2023-4211
A-294605494 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Mali

CVE-2023-33200
A-287627703 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Mali

CVE-2023-34970
A-287624919 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Mali

CVE-2023-20819
A-294779648
M-MOLY01068234 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
CDMA PPP protocol

CVE-2023-32819
A-294779649
M-ALPS07993705 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
display

CVE-2023-32820
A-294781433
M-ALPS07932637 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
wlan firmware

CVE-2023-40638
A-296491611
U-2212107*
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Android

CVE-2023-33029
A-290061916
QC-CR#3446314
(https://git.codelinaro.org/clo/la/kernel/msm-5.4/-
/commit/d4b9e0d3bfcb5213e23f5642cb8dcc1433542303)
High
Kernel

CVE-2023-33034
A-290060972
QC-CR#3438425
(https://git.codelinaro.org/clo/la/platform/vendor/opensource/audio-kernel/-
/commit/dcfb376d706d85a27a9cdbda43b4701747dafd6f)
High
Audio

CVE-2023-33035
A-290061247
QC-CR#3438021
(https://git.codelinaro.org/clo/la/platform/vendor/opensource/audio-kernel/-
/commit/00dc5c043e24be3e38a93b6a7d17d1a474f713c6)
High
Audio

CVE-2023-24855
A-276750662 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
Critical
Closed-source component

CVE-2023-28540
A-276751073 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
Critical
Closed-source component

CVE-2023-33028
A-290060590 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
Critical
Closed-source component

CVE-2023-21673
A-276750698 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Closed-source component

CVE-2023-22385
A-276750699 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Closed-source component

CVE-2023-24843
A-276750762 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Closed-source component

CVE-2023-24844
A-276750872 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Closed-source component

CVE-2023-24847
A-276751090 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Closed-source component

CVE-2023-24848
A-276750995*
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Closed-source component

CVE-2023-24849
A-276751370*
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Closed-source component

CVE-2023-24850
A-276751108 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Closed-source component

CVE-2023-24853
A-276751372 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Closed-source component

CVE-2023-33026
A-290061996 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Closed-source component

CVE-2023-33027
A-290061249 *
(https://source.android.com/docs/security/bulletin/2023-10-01#asterisk)
High
Closed-source component

CVE-2023-4863
A-299477569
RCE
Critical
11, 12, 12L, 13

Wally J

2023-10-05 03:30:21 UTC

(words words words)

Hi Dorper,

I feel sorry for you.
I really do.

I think it's revealing that you think the clarification of what a zero-day
bug is (compared to the thousands upon thousands of "regular" bugs) is
"words... words... words"

It's like explaining to a dog the metric tensor in Einstein's equations.

To you, the fact iOS has 17 zero-day holes is the same as the tens of
thousands (who knows how many!) "bugs" that Apple found in iOS software.

Who is that ignorant?

You need to stop defending Apple to the death, Dorper.
You need to put your adult hat on and distuingish between types of bugs.
a. You need to understand that 17 zero-day bugs is a lot,
b. While thousands (upon thousands) of regular bugs is just normal.

You don't understand that yet.
Until you do - no adult conversation is possible with you.

I will simply restate my point of view based on the facts of the matter.
a. iOS has two to three times the zero-day holes, and, worse,
b. iOS has ten times the _exploited_ zero-day holes.

That's bad.
Really bad.

The reason is patently obvious why iOS is so horribly insecure though.
But you have to understand how iOS is built, tested & released to know why.

--
My goal is to bring an adult conversation to the child-like Apple
newsgroups in terms of helping participants understand what they should.

Dorper

2023-10-05 03:44:37 UTC

(words words words)

Hi Dorper,
(words words words)

Dude you repeating "iOS has 3x the zero days" does not make it true. Where
are you pulling this number from. Previously you linked the NVD, which is a
list of what you call "bugs" and tried to say that this means that Apple has
more "zero-days" (this word has issues as modern operating systems have
components made by many people, if the creator of cURL discovers a vuln in
cURL and fixes it, does that mean that Ubuntu, OS X, etc. have zero days
because the bug is present in the software and known about before the
distributions can release the patched version of cURL. There does not seem to
be much of a difference. Unless you only compiled cURL from source, like
Gentoo users do, then you would be effectively exposed to a zero day.
Therefore, I take issue with the term.)

I really want to know why you linked to the NVD and what you were trying to
show by doing so. Also, NVD, fyi, is a mirror of the MITRE corporation's CVE
system, it is not really run by the US government, like you claim. So you can
go add that to your "i was wrong" thread.

Wally J

2023-10-05 17:21:29 UTC

Post by Dorper
Dude you repeating "iOS has 3x the zero days" does not make it true.

"Dude" (or, if you're female... "Bitch")... those were 17 _exploited_ zero
day holes, and yes, everyone but you knows this - as it's simply a fact.

The fact you're completely unaware of facts doesn't make them not facts.

I quoted exactly where that came from so many times that for you to
_remain_ completely ignorant of every fact about Apple, means you haven't
clicked on a single reference that has been provided to you on this topic.

If I provide a reference, please do not say that the reference doesn't
exist simply because you don't like what the reference is telling you.

That's probably 90% of all the iKooks' posts in this newsgroup, Dorper.
*They _hate_ facts - so they simply deny the existence of all facts.*

I was hoping you'd be more intelligent than the iKooks are, Dorper.

BTW, there's a reason Apple has so many zero-day exploits, Dorper.
<https://www.securityweek.com/apple-warns-of-newly-exploited-ios-17-kernel-zero-day/>
"This is the 16th documented in-the-wild zero-day against Apple's iOS,
iPadOS and macOS-powered devices, according to data tracked by
SecurityWeek."

Although the number is apparently 17 according to SecurityWeek themselves.
<https://cybersecurityworldconference.com/2023/10/04/apple-fixed-the-17th-zero-day-flaw-exploited-in-attacks/>

And others... so the 16 active exploits may just be date related.
<https://thehackernews.com/2023/10/apple-rolls-out-security-patches-for.html>
"With the new development, Apple has addressed a total of 17 actively
exploited zero-days in its software since the start of the year."

Dorper - if you're going to act like an adult, you have to comprehend facts
(e.g., you can't claim all bugs are zero-day bugs, for example).

That's the kind of idiocy that the iKooks do.
Let's hope you are not an iKook for God's sake.

Remember, all adults agree on the facts.
Only fools disagree on facts - that's why they're fools.

No intelligent discourse can occur until adults agree on facts.
Only _after_ we agree on facts, can an intelligent conversation ensue.

Do you yet agree that Apple has had 17 zero-day exploits this year, Dorper?
Yes? or No?

Note: Not all might be iOS though - but most seem to be (if not all).

--
HINT: You have to click on the link & read it (that's why I put it there);
then you have to understand what the article says about the exploits.

Dorper

2023-10-06 04:15:49 UTC

Post by Dorper
Dude you repeating "iOS has 3x the zero days" does not make it true.

"Dude" (or, if you're female... "Bitch")... those were 17 _exploited_ zero
day holes, and yes, everyone but you knows this - as it's simply a fact.
The fact you're completely unaware of facts doesn't make them not facts.
I quoted exactly where that came from so many times that for you to
_remain_ completely ignorant of every fact about Apple, means you haven't
clicked on a single reference that has been provided to you on this topic.
If I provide a reference, please do not say that the reference doesn't
exist simply because you don't like what the reference is telling you.
That's probably 90% of all the iKooks' posts in this newsgroup, Dorper.
*They _hate_ facts - so they simply deny the existence of all facts.*
I was hoping you'd be more intelligent than the iKooks are, Dorper.
BTW, there's a reason Apple has so many zero-day exploits, Dorper.
<https://www.securityweek.com/apple-warns-of-newly-exploited-ios-17-kernel-zer
o-day/>
"This is the 16th documented in-the-wild zero-day against Apple's iOS,
iPadOS and macOS-powered devices, according to data tracked by
SecurityWeek."
Although the number is apparently 17 according to SecurityWeek themselves.
<https://cybersecurityworldconference.com/2023/10/04/apple-fixed-the-17th-zero
-day-flaw-exploited-in-attacks/>
And others... so the 16 active exploits may just be date related.
<https://thehackernews.com/2023/10/apple-rolls-out-security-patches-for.html>
"With the new development, Apple has addressed a total of 17 actively
exploited zero-days in its software since the start of the year."
Dorper - if you're going to act like an adult, you have to comprehend facts
(e.g., you can't claim all bugs are zero-day bugs, for example).
That's the kind of idiocy that the iKooks do.
Let's hope you are not an iKook for God's sake.
Remember, all adults agree on the facts.
Only fools disagree on facts - that's why they're fools.
No intelligent discourse can occur until adults agree on facts.
Only _after_ we agree on facts, can an intelligent conversation ensue.
Do you yet agree that Apple has had 17 zero-day exploits this year, Dorper?
Yes? or No?
Note: Not all might be iOS though - but most seem to be (if not all).

The issue isn't about if there were 17 zero-day exploits. The issue is that
you say that this is 3x higher than the number of exploits for Android. That
is what everyone is having a problem with. You do ignore vulns that aren't
zero days which isn't fair because they still are risks for users of older
devices and people who have not updated. And for Open Source projects the
term "zero-day" doesn't really make sense.

The zero day exploits published by Android this year:
CVE-2023-4211 (Mali GPU Driver, ARM Holdings)
CVE-2023-35674 (Android, Google)
CVE-2023-4863 (libwebp, Google)
CVE-2023-26083 (Mali GPU Driver, ARM Holdings)
CVE-2023-2136 (Skia, Google)
CVE-2021-29256 (Mali GPU Driver, ARM Holdings)
CVE-2022-22706 (Mali GPU Driver, ARM Holdings)
CVE-2021-22600 (Linux, Linus Torvalds)
CVE-2022-0847 "Dirty Pipe" (Linux, Linus Torvalds)
CVE-2022-38181 (Mali GPU Driver, ARM Holdings)
CVE-2023-21096 (Android, Google)
CVE-2023-20963 (Android, Google)

So that is 12 "zero-days" in AOSP alone.

I believe that you own a Samsung. In a year, Google found 18 *hardware*
"zero-days" unique to Samsung devices:

https://www.bleepingcomputer.com/news/security/google-finds-18-zero-day-vuln
erabilities-in-samsung-exynos-chipsets/

That brings the total # of "zero-days" for a Samsung device in a year to
around 30.

Dorper

2023-10-05 03:10:19 UTC

Doesn't matter to my point which is that iOS had the zero-day hole> which Apple didn't know about until someone else (Google it was!)
told Apple about it.

Android had the same vulnerability.

The point is not any one hole but the fact Apple has two to three times the

This is false

HINT: Think about the primitive release mechanism that only iOS uses.

Rapid Security Response?

Keep in mind the difference between a bug and a zero-day bug.
They're not the same as what matters is who caught them first.
Insiders or outsiders.

Whatever, my definition was slightly off.

Now how about you give evidence of your 3x figure. Because you are making a
fuss about update systems. You must include the entirety of Google Play
Services, Android, Qualcomm Drivers, Chrome, Linux, Samsung Bloatware, etc.
in your calculations.

Jolly Roger

2023-10-05 03:16:27 UTC

Doesn't matter to my point which is that iOS had the zero-day hole>
which Apple didn't know about until someone else (Google it was!)
told Apple about it.

Android had the same vulnerability.

And it was Google who created the software with the vulnerability in the
first place:

<https://www.rezilion.com/blog/the-cve-2023-5217-deja-vu-another-actively-exploited-chrome-vulnerability-affecting-a-webm-project-library-libvpx/>

The point is not any one hole but the fact Apple has two to three times the

This is false

He has *never* been able to prove this ludicrous claim, but that doesn't
stop him from bellowing it every chance he gets, nor does it stop his
gullible twit followers from lapping it up as gospel.

HINT: Think about the primitive release mechanism that only iOS uses.

Rapid Security Response?

"So primitive, y'all!"

Keep in mind the difference between a bug and a zero-day bug.
They're not the same as what matters is who caught them first.
Insiders or outsiders.

Whatever, my definition was slightly off.
Now how about you give evidence of your 3x figure. Because you are
making a fuss about update systems. You must include the entirety of
Google Play Services, Android, Qualcomm Drivers, Chrome, Linux,
Samsung Bloatware, etc. in your calculations.

He won't because he *can't*. 😉

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Wally J

2023-10-05 17:24:27 UTC

Post by Jolly Roger
He won't because he *can't*.

And yet, I did.
Because I could.

...See below...

Post by Jolly Roger
Dude you repeating "iOS has 3x the zero days" does not make it true.

"Dude" (or, if you're female... "Bitch")... those were 17 _exploited_ zero
day holes, and yes, everyone but you knows this - as it's simply a fact.

The fact you're completely unaware of facts doesn't make them not facts.

I quoted exactly where that came from so many times that for you to
_remain_ completely ignorant of every fact about Apple, means you haven't
clicked on a single reference that has been provided to you on this topic.

If I provide a reference, please do not say that the reference doesn't
exist simply because you don't like what the reference is telling you.

That's probably 90% of all the iKooks' posts in this newsgroup, Dorper.
*They _hate_ facts - so they simply deny the existence of all facts.*

Jolly Roger, for example, claims every Apple statement about reducing
performance is a lie because he has never read any of Apple's statements.

Who is that stupid?
Only iKooks, right?

I was hoping you'd be more intelligent than the iKooks are, Dorper.

BTW, there's a reason Apple has so many zero-day exploits, Dorper.
<https://www.securityweek.com/apple-warns-of-newly-exploited-ios-17-kernel-zero-day/>
"This is the 16th documented in-the-wild zero-day against Apple's iOS,
iPadOS and macOS-powered devices, according to data tracked by
SecurityWeek."

Although the number is apparently 17 according to SecurityWeek themselves.
<https://cybersecurityworldconference.com/2023/10/04/apple-fixed-the-17th-zero-day-flaw-exploited-in-attacks/>

And others... so the 16 active exploits may just be date related.
<https://thehackernews.com/2023/10/apple-rolls-out-security-patches-for.html>
"With the new development, Apple has addressed a total of 17 actively
exploited zero-days in its software since the start of the year."

Dorper - if you're going to act like an adult, you have to comprehend facts
(e.g., you can't claim all bugs are zero-day bugs, for example).

That's the kind of idiocy that the iKooks do.
Let's hope you are not an iKook for God's sake.

Remember, all adults agree on the facts.
Only fools disagree on facts - that's why they're fools.

No intelligent discourse can occur until adults agree on facts.
Only _after_ we agree on facts, can an intelligent conversation ensue.

Do you yet agree that Apple has had 17 zero-day exploits this year, Dorper?
Yes? or No?

Note: Not all might be iOS though - but most seem to be (if not all).

--
HINT: You have to click on the link & read it (that's why I put it there);
then you have to understand what the article says about the exploits.

Jolly Roger

2023-10-05 23:36:28 UTC

Post by Jolly Roger
He won't because he *can't*.

And yet, I did.

Nope. You didn't.

And you can't. That's why you *still* haven't, even in this reply -
instead you tried to change the subject (as usual). You're weak, Arlen.
Weak and pitiful.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Alan

2023-10-05 05:15:40 UTC

Doesn't matter to my point which is that iOS had the zero-day hole> which Apple didn't know about until someone else (Google it was!)
told Apple about it.

Android had the same vulnerability.

The point is not any one hole but the fact Apple has two to three times the

This is false

HINT: Think about the primitive release mechanism that only iOS uses.

Rapid Security Response?

Keep in mind the difference between a bug and a zero-day bug.
They're not the same as what matters is who caught them first.
Insiders or outsiders.

Whatever, my definition was slightly off.
Now how about you give evidence of your 3x figure. Because you are making a
fuss about update systems. You must include the entirety of Google Play
Services, Android, Qualcomm Drivers, Chrome, Linux, Samsung Bloatware, etc.
in your calculations.

Don't you know?

Arlen (aka Wally J, aka... ...far too many nyms to count) claims he only
posts FACTS!

Dorper

2023-10-05 05:27:45 UTC

Post by Alan

Doesn't matter to my point which is that iOS had the zero-day hole> which
Apple didn't know about until someone else (Google it was!)
told Apple about it.

Android had the same vulnerability.

The point is not any one hole but the fact Apple has two to three times the

This is false

HINT: Think about the primitive release mechanism that only iOS uses.

Rapid Security Response?

Keep in mind the difference between a bug and a zero-day bug.
They're not the same as what matters is who caught them first.
Insiders or outsiders.

Whatever, my definition was slightly off.
Now how about you give evidence of your 3x figure. Because you are making a
fuss about update systems. You must include the entirety of Google Play
Services, Android, Qualcomm Drivers, Chrome, Linux, Samsung Bloatware, etc.
in your calculations.

Don't you know?
Arlen (aka Wally J, aka... ...far too many nyms to count) claims he only
posts FACTS!

Only _TRUE_ and _HONEST_ facts.

Alan

2023-10-05 05:32:43 UTC

Doesn't matter to my point which is that iOS had the zero-day hole> which
Apple didn't know about until someone else (Google it was!)
told Apple about it.

Android had the same vulnerability.

The point is not any one hole but the fact Apple has two to three times the

This is false

HINT: Think about the primitive release mechanism that only iOS uses.

Rapid Security Response?

Keep in mind the difference between a bug and a zero-day bug.
They're not the same as what matters is who caught them first.
Insiders or outsiders.

Whatever, my definition was slightly off.
Now how about you give evidence of your 3x figure. Because you are making a
fuss about update systems. You must include the entirety of Google Play
Services, Android, Qualcomm Drivers, Chrome, Linux, Samsung Bloatware, etc.
in your calculations.

Don't you know?
Arlen (aka Wally J, aka... ...far too many nyms to count) claims he only
posts FACTS!

Only _TRUE_ and _HONEST_ facts.

Sorry, yes... ...I'm so glad you made that "adult" amendment!

;-)

Wally J

2023-10-05 18:22:59 UTC

Post by Wally J
HINT: Think about the primitive release mechanism that only iOS uses.

Rapid Security Response?

It's good you're aware of the RSR as the iKooks are _still_ unaware of it!

I'm extremely well aware of the RSR as I'm the one who first brought it up
on this newsgroup years ago when Apple was planning to implement it.
<https://support.apple.com/en-us/HT201224>

It's only in iOS 16 that Apple began to break down the primitive monolith.
*Distinguishing software updates from upgrades* <https://support.apple.com/guide/deployment/about-software-updates-depc4c80847a/>

Interestingly, the iKooks lied for years about Apple releases.
<https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/>
<https://hothardware.com/news/apple-admits-only-fully-patches-security-flaws-in-latest-os-releases>
<https://screenrant.com/apple-product-security-update-lifespan/>

Post by Wally J
Keep in mind the difference between a bug and a zero-day bug.
They're not the same as what matters is who caught them first.
Insiders or outsiders.

Whatever, my definition was slightly off.

It's OK to make a mistake (so did I with the "local" exploits, remember?).

What matters is adults agree on facts.
A fool disputes facts (that's why they're fools).

Usenet is water under the bridge.
I take every post from you on its own merits.

Hell... if Jolly Roger said an intelligent sentence, I'd commend him.
I hold no grudges.

It's fine that you no longer dispute there is a difference between a bug
(of which there are many thousands per release) and a zero-day bug
(of which there are only dozens per release) and even an "exploit" of a
zero-day bug (of which Apple has had 17 this year alone - see below).

Post by Dorper
Now how about you give evidence of your 3x figure. Because you are making a
fuss about update systems. You must include the entirety of Google Play
Services, Android, Qualcomm Drivers, Chrome, Linux, Samsung Bloatware, etc.
in your calculations.

We can't have any semblance of a normal intelligent adult conversation if
you blindly dispute all facts without even being aware of any of those
facts (simply because you don't _like_ those facts).

Right?

I mean... 'cmon... that's exactly what the iKooks do all day on this ng.
You're not an iKook, I hope.

Please read below & answer "yes" or "no" to the question at the bottom.

Post by Dorper
Dude you repeating "iOS has 3x the zero days" does not make it true.

"Dude" (or, if you're female... "Bitch")... those were 17 _exploited_ zero
day holes, and yes, everyone but you knows this - as it's simply a fact.

The fact you're completely unaware of facts doesn't make them not facts.

I quoted exactly where that came from so many times that for you to
_remain_ completely ignorant of every fact about Apple, means you haven't
clicked on a single reference that has been provided to you on this topic.

If I provide a reference, please do not say that the reference doesn't
exist simply because you don't like what the reference is telling you.

That's probably 90% of all the iKooks' posts in this newsgroup, Dorper.
*They _hate_ facts - so they simply deny the existence of all facts.*

I was hoping you'd be more intelligent than the iKooks are, Dorper.

BTW, there's a reason Apple has so many zero-day exploits, Dorper.

<https://www.securityweek.com/apple-warns-of-newly-exploited-ios-17-kernel-zero-day/>
"This is the 16th documented in-the-wild zero-day against Apple's iOS,
iPadOS and macOS-powered devices, according to data tracked by
SecurityWeek."

Although the number is apparently 17 according to SecurityWeek themselves.

<https://cybersecurityworldconference.com/2023/10/04/apple-fixed-the-17th-zero-day-flaw-exploited-in-attacks/>

And others... so the 16 active exploits may just be date related.

<https://thehackernews.com/2023/10/apple-rolls-out-security-patches-for.html>
"With the new development, Apple has addressed a total of 17 actively
exploited zero-days in its software since the start of the year."

Dorper - if you're going to act like an adult, you have to comprehend facts
(e.g., you can't claim all bugs are zero-day bugs, for example).

That's the kind of idiocy that the iKooks do.
Let's hope you are not an iKook for God's sake.

Remember, all adults agree on the facts.
Only fools disagree on facts - that's why they're fools.

No intelligent discourse can occur until adults agree on facts.
Only _after_ we agree on facts, can an intelligent conversation ensue.

Do you yet agree that Apple has had 17 zero-day exploits this year, Dorper?
Yes? or No?

Note: Not all might be iOS though - but most seem to be (if not all).

--
HINT: You have to click on the link & read it (that's why I put it there);
then you have to understand what the article says about the exploits.

Jolly Roger

2023-10-05 23:43:58 UTC

Post by Wally J
HINT: Think about the primitive release mechanism that only iOS uses.

Rapid Security Response?

It's good you're aware of the RSR as the iKooks are _still_ unaware of it!

Actually, everyone is aware of it.

Post by Wally J
I'm the one who first brought it up on this newsgroup

Obvious lie. 🤣

In reality, *Hemidactylus* was the first person to mention Apple's RSR
updates on this newsgroup in 2023:

<https://groups.google.com/g/misc.phone.mobile.iphone/c/VdyhxbaZ9gg/m/sgqXuyhtAQAJ>

Arlen years go by *very* quickly, you guys. *Way* faster than dog years
- much more like gnat years. 😉

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

candycanearter07

2023-10-05 02:39:07 UTC

Post by Dorper
The term zero-day doesn't mean anything. Any security flaw that isn't
intentionally put in there is a zero-day. You can go check the NVD and you
will see that the # of CVEs for Android is higher than the # of CVEs for iOS.
I don't know where you are getting this "3x" number from.

A Zero-day exploit is any exploit that gets exploited before the
developers know about it. It does "mean something".

https://en.wikipedia.org/wiki/Zero-day_(computing)

--
user <candycane> is generated from /dev/urandom

Wally J

2023-10-05 03:20:28 UTC

Post by candycanearter07

A Zero-day exploit is any exploit that gets exploited before the
developers know about it. It does "mean something".
https://en.wikipedia.org/wiki/Zero-day_(computing)

Yes. You are correct. But let's be careful about defining
the "exploit" versus the "vulnerability", where I've been saying,
very clearly...
a. iOS historically has two to three times the zero-day holes, and,
b. iOS historically has something like ten times the exploits in the wild.

Where the exploit means someone crafted a way to take advantage of
the vulnerability (and that's never for a good purpose, mind you).

But back to Dorper's need to understand first and foremost the
critical distinction between a simple flaw and a zero-day hole.
<https://www.csoonline.com/article/565704/zero-days-explained-how-unknown-vulnerabilities-become-gateways-for-attackers.html>
"The question of who knows about these flaws is crucial."

Dorper was wrong in his assumption that any old bug was the same as a
zero-day bug. They're not at all the same in terms of who knows about them
(where therein lies the risk of iOS having many times more of them!).

Having worked with software for decades, I inherently understand zero-day
bugs, where I do agree with others that the stated definitions are cloudy.

But it's really as simple as "who found it?".
a. If Apple found it, it's not a zero-day hole.
b. If "someone else" found it, it's definitely a zero-day hole.
By definition, in fact. (pun intended)
c. Whether or not it's exploited in the wild makes it even worse
(where Apple's exploited zero-day holes are ten times that of Android).

There are reasons for why Apple's iOS is so insecure compared to Android,
but we have to understand how Apple builds, tests & ships iOS to know why.

--
Maybe Dorper can post a followup in the "I was wrong" thread which
was kindly authored by badgolferman. How he responds to this is key.

Jolly Roger

2023-10-05 03:22:14 UTC

Post by Wally J
a. iOS historically has two to three times the zero-day holes, and,
b. iOS historically has something like ten times the exploits in the wild.

False, and you've never been able to provide a source for your made-up
bullshit numbers. 🙂

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Wally J

2023-10-05 03:43:08 UTC

Post by Wally J
a. iOS historically has two to three times the zero-day holes, and,
b. iOS historically has something like ten times the exploits in the wild.

False, and you've never been able to provide a source for your made-up
bullshit numbers.

I kind of feel sorry for you Jolly Roger.
Like I do a person who has a head injury who can no longer think straight.

It's no longer shocking how much you ignorant iKooks fear the truth.
Hence, you low-IQ uneducated iKooks _fear me_ (because I state the facts).

Your first response, always, is simply to deny all facts you're unaware of.

However... you actually just did me a favor... because... again today,
I was wrong (in a minor way) in that the number of _exploited_ zero-days
is 17 - which means the number of zero days is way (way!) times greater.

Thank you Jolly Roger for asking me to re-visit the facts of the matter.
*It's way worse than I had said it was*

The fact is that iOS is exploited over ten times more than is Android.
Where the number of Apple zero-day exploits this year alone, is 17.

"CVE-2023-42824 is the 17th zero-day vulnerability
*exploited in attacks* that Apple has fixed
since the start of the year."
<https://www.bleepingcomputer.com/news/apple/apple-emergency-update-fixes-new-zero-day-used-to-hack-iphones/>

By definition, zero-day holes are holes that Apple didn't know about
until Apple was told about them - and by definition - an exploit of
a zero-day hole can't be purposely fixed by Apple until Apple is made
aware of them. Apple didn't find them. Someone else did.

*That's _why_ Apple's operating systems are so often exploited!*

Note that the iKooks claim all facts that they are ignorant of, can't be
facts; but the facts are that the iKooks are simply ignorant of the facts.

--
The iKooks still, after decades on this newsgroup, are completely ignorant
of the fact that Apple only fully fixes a single release (and always did!).

Jolly Roger

2023-10-05 03:46:37 UTC

Post by Wally J
a. iOS historically has two to three times the zero-day holes, and,
b. iOS historically has something like ten times the exploits in the wild.

False, and you've never been able to provide a source for your
made-up bullshit numbers.

Blah blah blah blah

As expected, you still can't provide a source confirming your claim.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Wally J

2023-10-05 17:25:40 UTC

Post by Jolly Roger
As expected, you still can't provide a source confirming your claim.

Ah, but I did.
Many times.

You _hate_ the fact that facts exist so you simply deny all facts
that you're completely ignorant of - which is most facts, Jolly Roger.

-< see below >-

Post by Jolly Roger
Dude you repeating "iOS has 3x the zero days" does not make it true.

"Dude" (or, if you're female... "Bitch")... those were 17 _exploited_ zero
day holes, and yes, everyone but you knows this - as it's simply a fact.

The fact you're completely unaware of facts doesn't make them not facts.

I quoted exactly where that came from so many times that for you to
_remain_ completely ignorant of every fact about Apple, means you haven't
clicked on a single reference that has been provided to you on this topic.

If I provide a reference, please do not say that the reference doesn't
exist simply because you don't like what the reference is telling you.

That's probably 90% of all the iKooks' posts in this newsgroup, Dorper.
*They _hate_ facts - so they simply deny the existence of all facts.*

Jolly Roger, for example, claims every Apple statement about reducing
performance is a lie because he has never read any of Apple's statements.

Who is that stupid?
Only iKooks, right?

I was hoping you'd be more intelligent than the iKooks are, Dorper.

BTW, there's a reason Apple has so many zero-day exploits, Dorper.
<https://www.securityweek.com/apple-warns-of-newly-exploited-ios-17-kernel-zero-day/>
"This is the 16th documented in-the-wild zero-day against Apple's iOS,
iPadOS and macOS-powered devices, according to data tracked by
SecurityWeek."

Although the number is apparently 17 according to SecurityWeek themselves.
<https://cybersecurityworldconference.com/2023/10/04/apple-fixed-the-17th-zero-day-flaw-exploited-in-attacks/>

And others... so the 16 active exploits may just be date related.
<https://thehackernews.com/2023/10/apple-rolls-out-security-patches-for.html>
"With the new development, Apple has addressed a total of 17 actively
exploited zero-days in its software since the start of the year."

Dorper - if you're going to act like an adult, you have to comprehend facts
(e.g., you can't claim all bugs are zero-day bugs, for example).

That's the kind of idiocy that the iKooks do.
Let's hope you are not an iKook for God's sake.

Remember, all adults agree on the facts.
Only fools disagree on facts - that's why they're fools.

No intelligent discourse can occur until adults agree on facts.
Only _after_ we agree on facts, can an intelligent conversation ensue.

Do you yet agree that Apple has had 17 zero-day exploits this year, Dorper?
Yes? or No?

Note: Not all might be iOS though - but most seem to be (if not all).

--
HINT: You have to click on the link & read it (that's why I put it there);
then you have to understand what the article says about the exploits.

Jolly Roger

2023-10-05 23:37:14 UTC

Post by Jolly Roger
As expected, you still can't provide a source confirming your claim.

Ah, but I did.

Nope. And you *still* can't. 🤣

Arlen the failure, everyone!

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

candycanearter07

2023-10-05 03:33:51 UTC

Post by candycanearter07
A Zero-day exploit is any exploit that gets exploited before the
developers know about it. It does "mean something".
https://en.wikipedia.org/wiki/Zero-day_(computing)

So all exploits use vulnerabilities but not all vulnerabilities are
exploited?

--
user <candycane> is generated from /dev/urandom

Dorper

2023-10-04 23:39:15 UTC

Not nearly enough LOL's. Do try harder.

It's no longer shocking how much you ignorant iKooks fear the truth.
Did you know what else is in this 17.0.3 release?
It's big.
Really big.
Hint: No smartphone OS is anywhere nearly as insecure as iOS is.
(hackers don't even need to be within a thousand miles of your phone to
completely and fully take it over any time they want to - for years!)

In other news, Android has released it's latest security update:

https://www.bleepingcomputer.com/news/security/android-october-security-
update-fixes-zero-days-exploited-in-attacks/
Including fixes for "54 unique vulnerabilities, including two known to be
actively exploited." Of the 54 fixes concerning Android 11 through 13, five
are rated critical, and two concern remote code execution problems.

Wally J

2023-10-05 01:43:23 UTC

Post by Wally J
Hint: No smartphone OS is anywhere nearly as insecure as iOS is.
(hackers don't even need to be within a thousand miles of your phone to
completely and fully take it over any time they want to - for years!)

https://www.bleepingcomputer.com/news/security/android-october-security-
update-fixes-zero-days-exploited-in-attacks/
Including fixes for "54 unique vulnerabilities, including two known to be
actively exploited." Of the 54 fixes concerning Android 11 through 13, five
are rated critical, and two concern remote code execution problems.

It's classic for Apple users to blame everyone but Apple for the flaws in
Apple devices. It's called "whataboutism" & only Apple users do it.
<https://en.wikipedia.org/wiki/Whataboutism>

I know exactly why you used whataboutism to defend against Apple's flaw.
I wonder if you do?

Probably not.
Let's just say that only Apple people do what you just did, Dorper.

Adults don't do it. Specifically...

You'll _never_ see someone on Android doing what you just did, Dorper.
Nor on Windows newsgroups.

Only Apple newsgroups.
Where almost every "excuse" for Apple's flaws is whataboutism incarnate.

This "whataboutism" of blaming everyone but Apple _starts with Apple_
and it's a hallmark of Apple users to blame others for Apple's flaws.

*Why don't we look at the zero-day holes in iOS*, Dorper.
Shall we?

I get it you are desperate to defend Apple's honor, but then you must know
how many zero-day bugs Apple had this year (and every year!) compared to
Android, right?

No?
You don't know?

Hmmmm.... classic.

Here... allow me to help you to think logically & sensibly, OK?

What you're _not_ saying is that iOS has had 17 zero-days this year alone -
which is something like two to three times the zero-days of Android last we
checked (since this happens every year).

By definition, a zero day is a bug that Apple forgot to find in testing.
Right?

So that's two to three times (every year - year after year) that Apple's
iOS has zero-day holes that Apple forgot to find in their iOS 'testing'.

HINT: That's a lot!

Why... might you ask... is iOS always two to three times less secure?
I (think I) know why.

Do you?

--
Note: We've already discussed that this doesn't even count the _exploited_
zero days, where you dispute that iOS has _ten times_ the active exploits!

candycanearter07

2023-10-05 02:33:46 UTC

Post by Wally J
Hint: No smartphone OS is anywhere nearly as insecure as iOS is.

Missed opportunity to say "the kooks are as insecure as the OS"

--
user <candycane> is generated from /dev/urandom

Jörg Lorenz

2023-10-05 07:35:13 UTC

You hate me, Hemidactyulus... *because you fear me*. You fear all facts
about Apple products, Hemidactylus. Don't you.

All in this group *fear that you never will disappear*, Arlen.

--
Morituri te salutant

Alan

2023-10-05 08:04:18 UTC

Post by JÃ¶rg Lorenz

You hate me, Hemidactyulus... *because you fear me*. You fear all
facts about Apple products, Hemidactylus. Don't you.

All in this group *fear that you never will disappear*, Arlen.

Because all of us need a good laugh from time to time.

:-)

*Hemidactylus*

2023-10-06 02:09:27 UTC