Apple patches actively exploited iPhone, iPad kernel vulns

Apple has patched an iOS and iPadOS vulnerability that's already been exploited. Crediting an anonymous security researcher with reporting the issue, Apple said the problem involves an out-of-bounds write issue – which involves adding data past the end or before the beginning of a buffer. The impacts can be data corruption, a …

  1. Korev Silver badge
    Alien

    "To our knowledge, this makes Apple Security Bounty the fastest-growing bounty program[sic] in industry history," Apple bragged in a statement

    Whether or not this is a good thing depends on why it is the "fastest growing" programme

    1. devin3782 Silver badge

      I'm not sure that having a growing list of security flaws is anything to brag about

  2. GreggS

    Tim Cook

    Every time I see a photo of him I have to have a double take just to make sure it's him and not Tony Adams.

    1. devin3782 Silver badge

      Re: Tim Cook

      Tony Adams? Clearly he looks like Paul O'Grady's identical (yet evil) twin.

  3. Anonymous Coward
    Flame

    A modest proposal

    Programmers who don't check their inputs before proceeding should be flogged.

    1. Steve Davies 3 Silver badge
      Boffin

      Re: A modest proposal

      Well said.

      But....

      Input validation like all error handling is so.... hard and time consuming.

      That's why many of us have our own set of tools to do just that. I even went as far as to have a complete error handling system that I could drip into a project. Some PM's / Scrum masters hate the very thought of having to handle errors. Once a team get used to using a framework there is little effect on productivity. Even then, I've had instructions to remove it from a project due to NIH despite me donating the source code.

      1. EnviableOne Silver badge

        Re: A modest proposal

        Error handling is time-consuming, but it's cheaper and less bottom-line consuming than having to fix a named vulnerability 6 years down the line when the dev team have all moved on and no longer pick up your calls.

  4. Woodnag

    Exploit

    All I need to know is whether the exploit requires JS to be enabled in Safari for it to work.

    Note that Mail doesn't have a setting to disable email HTML processing - please advise if I'm wrong...
