Another security update, Apple? You're really keeping up with your tech rivals Apple has demonstrated that it can more than hold its own among the tech giants, at least in terms of finding itself on the wrong end of zero-day vulnerabilities. iOS and iPadOS have again come under attack, and Apple has rushed out a fix to ward off miscreants. The latest issues are CVE-2023-42824 and CVE-2023-5217. The …
For example, no more JIT JavaScript compilation in Safari. The equivalent for that is actually found in Microsoft Edge too, where you can enable Enhanced Security on the Strict setting and then whitelist just the sites you need better performance on. It also blocks attachments other than images in Messages, which is basically a very strict safe attachment filter similar to what enterprise security software does. The reason people are only told to use it if they're a high risk target is because it not only slows down web browsing but also reduces your ability to casually share media with one another,
In this case Lockdown Mode would have likely blocked VP8-based attacks in iMessage due to the attachment filter but not dodgy links in Safari. Bear in mind that pwning Safari doesn’t give you full control over the device and attackers are having to chain exploits from userland all the way through to kernel space to spy on people, and even then, they don’t always achieve persistence (rebooting daily is a good security practice if you think you’re at risk too)
Spend more of Annual Revenue on security !!!
“According to Microsoft's latest financial reports the company's current revenue (TTM) is $211.91 Billion”
“According to Microsoft's latest financial reports the company's current revenue (TTM) is $211.91 Billion”
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
