back to article Another security update, Apple? You're really keeping up with your tech rivals

Apple has demonstrated that it can more than hold its own among the tech giants, at least in terms of finding itself on the wrong end of zero-day vulnerabilities. iOS and iPadOS have again come under attack, and Apple has rushed out a fix to ward off miscreants. The latest issues are CVE-2023-42824 and CVE-2023-5217. The …

  1. Anonymous Coward
    Anonymous Coward

    lockdown mode?

    So Apple *know* what's being targeted, know how the attacks work and have even implemented a way to stop them?

    Why are the attacks still viable?

    1. Anonymous Coward
      Anonymous Coward

      Lockdown Mode shuts off functionality

      For example, no more JIT JavaScript compilation in Safari. The equivalent for that is actually found in Microsoft Edge too, where you can enable Enhanced Security on the Strict setting and then whitelist just the sites you need better performance on. It also blocks attachments other than images in Messages, which is basically a very strict safe attachment filter similar to what enterprise security software does. The reason people are only told to use it if they're a high risk target is because it not only slows down web browsing but also reduces your ability to casually share media with one another,

      In this case Lockdown Mode would have likely blocked VP8-based attacks in iMessage due to the attachment filter but not dodgy links in Safari. Bear in mind that pwning Safari doesn’t give you full control over the device and attackers are having to chain exploits from userland all the way through to kernel space to spy on people, and even then, they don’t always achieve persistence (rebooting daily is a good security practice if you think you’re at risk too)

      1. t245t Silver badge

        anon: Lockdown Mode shuts off functionality

        Spend more of Annual Revenue on security !!!

        “According to Microsoft's latest financial reports the company's current revenue (TTM) is $211.91 Billion

        “According to Microsoft's latest financial reports the company's current revenue (TTM) is $211.91 Billion

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like