From Newsgroup: comp.sys.mac.advocacy

Use Apple products at your own risk. Don't fall for the Verizon free
iPhone on us offer. It's junk.

Apple has released security updates to address a security flaw impacting
iOS, iPadOS, and macOS that it said has come under active exploitation in
the wild.

The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300 (CVSS score: 8.8), resides in the ImageIO framework and could result in
memory corruption when processing a malicious image.

"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals," the company said in an advisory.

The iPhone maker said the bug was internally discovered and that it was addressed with improved bounds checking. The following versions address
the security defect -

iOS 18.6.2 and iPadOS 18.6.2 - iPhone XS and later, iPad Pro 13-inch, iPad
Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation
and later, iPad Air 3rd generation and later, iPad 7th generation and
later, and iPad mini 5th generation and later
iPadOS 17.7.10 - iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
macOS Ventura 13.7.8 - Macs running macOS Ventura
macOS Sonoma 14.7.8 - Macs running macOS Sonoma
macOS Sequoia 15.6.1 - Macs running macOS Sequoia
It's currently not known who is behind the attacks and who may have been targeted, but it's likely that the vulnerability has been weaponised as
part of highly targeted attacks.

With the latest update, Apple has so far fixed a total of seven zero-days
that have been abused in real-world attacks since the start of the year: CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025- 31201, and CVE-2025-43200.

Last month, the company also issued patches for a Safari vulnerability residing in an open-source component (CVE-2025-6558) that Google reported
as having been exploited as a zero-day in the Chrome web browser.

https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-
day.html

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.mac.advocacy

On 2025-08-28 10:25, Symon wrote:

Use Apple products at your own risk. Don't fall for the Verizon free
iPhone on us offer. It's junk.

Apple has released security updates to address a security flaw impacting
iOS, iPadOS, and macOS that it said has come under active exploitation in
the wild.

And this affects Windows because...?
--
Cheers, Carlos.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.mac.advocacy

On 2025-08-28 04:25, Symon wrote:

Use Apple products at your own risk. Don't fall for the Verizon free
iPhone on us offer. It's junk.

Apple has released security updates to address a security flaw impacting
iOS, iPadOS, and macOS that it said has come under active exploitation in
the wild.

And in other news, Arlen has changed posting nyms again!
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.mac.advocacy

Alan wrote on 8/28/2025 9:20 AM:

On 2025-08-28 04:25, Symon wrote:

Use Apple products at your own risk.  Don't fall for the Verizon free
iPhone on us offer.  It's junk.

Apple has released security updates to address a security flaw impacting
iOS, iPadOS, and macOS that it said has come under active exploitation in
the wild.

And in other news, Arlen has changed posting nyms again!

Oh no, Arlen's on the loose again! Better hop to it boy.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.mac.advocacy

On 8/28/2025 4:25 AM, Symon wrote:

Use Apple products at your own risk. Don't fall for the Verizon free
iPhone on us offer. It's junk.

Apple has released security updates to address a security flaw impacting
iOS, iPadOS, and macOS that it said has come under active exploitation in
the wild.

The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300 (CVSS score: 8.8), resides in the ImageIO framework and could result in memory corruption when processing a malicious image.

"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals," the company said in an advisory.

The iPhone maker said the bug was internally discovered and that it was addressed with improved bounds checking. The following versions address
the security defect -

iOS 18.6.2 and iPadOS 18.6.2 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation
and later, iPad Air 3rd generation and later, iPad 7th generation and
later, and iPad mini 5th generation and later
iPadOS 17.7.10 - iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
macOS Ventura 13.7.8 - Macs running macOS Ventura
macOS Sonoma 14.7.8 - Macs running macOS Sonoma
macOS Sequoia 15.6.1 - Macs running macOS Sequoia
It's currently not known who is behind the attacks and who may have been targeted, but it's likely that the vulnerability has been weaponised as
part of highly targeted attacks.

With the latest update, Apple has so far fixed a total of seven zero-days that have been abused in real-world attacks since the start of the year: CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025- 31201, and CVE-2025-43200.

Last month, the company also issued patches for a Safari vulnerability residing in an open-source component (CVE-2025-6558) that Google reported
as having been exploited as a zero-day in the Chrome web browser.

https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-
day.html

You are living in an Android glass house and throwing stones at iOS:

"Google patches two Android zero-days, 120 defects total in September
security update. The critical, actively exploited zero-day
vulnerabilities affect the Linux kernel and Android runtime."

That is just one update!

https://cyberscoop.com/android-security-update-september-2025/


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.mac.advocacy

On 2025-09-04, Tom Elam <thomas.e.elam@gmail.com> wrote:

On 8/28/2025 4:25 AM, Symon wrote:

[a bunch of troll bullshit]

You are living in an Android glass house and throwing stones at iOS:

Juvenile insults and pissing contests are the best this loser has to
offer to the world.
--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.mac.advocacy

Jolly Roger wrote on 9/4/2025 3:26 PM:

On 2025-09-04, Tom Elam <thomas.e.elam@gmail.com> wrote:

On 8/28/2025 4:25 AM, Symon wrote:

[a bunch of troll bullshit]

You are living in an Android glass house and throwing stones at iOS:

Juvenile insults and pissing contests are the best this loser has to
offer to the world.

And you NEVER stoop that low, right jolly?


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.mac.advocacy

On 2025-09-04, Hank Rogers <Hank@nospam.invalid> wrote:

Jolly Roger wrote on 9/4/2025 3:26 PM:

On 2025-09-04, Tom Elam <thomas.e.elam@gmail.com> wrote:

On 8/28/2025 4:25 AM, Symon wrote:

[a bunch of troll bullshit]

You are living in an Android glass house and throwing stones at iOS:

Juvenile insults and pissing contests are the best this loser has to
offer to the world.

And you NEVER stoop that low, right jolly?

Only with trolls, and Arlen is King of Loser Trolls. You won't find me
slinging insults back at anyone else, since they aren't slinging
juvenile insults my way. But you want everyone to ignore that reality,
don't you? Because: troll. 😉
--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.mac.advocacy

On Aug 28, 2025, Carlos E.R. wrote
(in article <18v5olxruo.ln2@Telcontar.valinor>):

On 2025-08-28 10:25, Symon wrote:

Use Apple products at your own risk. Don't fall for the Verizon free
iPhone on us offer. It's junk.

Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild.

And this affects Windows because...?

Arlen has a new gym. Added to the killfile list; Arlen now has sufficient
nyms that I’ve re-orged my kf list and given him his very own folder.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.mac.advocacy

WolfFan wrote on 9/5/2025 4:58 PM:

On Aug 28, 2025, Carlos E.R. wrote
(in article <18v5olxruo.ln2@Telcontar.valinor>):

On 2025-08-28 10:25, Symon wrote:

Use Apple products at your own risk. Don't fall for the Verizon free
iPhone on us offer. It's junk.

Apple has released security updates to address a security flaw impacting >>> iOS, iPadOS, and macOS that it said has come under active exploitation in >>> the wild.

And this affects Windows because...?

Arlen has a new gym. Added to the killfile list; Arlen now has sufficient nyms that I’ve re-orged my kf list and given him his very own folder.

At least he has kept the gym open, though I'm not a member and don't
work out at arlen's gym.

re-orging is always good when you have kf lists. Good luck!


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.mac.advocacy

On 8/28/2025 4:25 AM, Symon wrote:

Use Apple products at your own risk. Don't fall for the Verizon free
iPhone on us offer. It's junk.

Apple has released security updates to address a security flaw impacting
iOS, iPadOS, and macOS that it said has come under active exploitation in
the wild.

The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300 (CVSS score: 8.8), resides in the ImageIO framework and could result in memory corruption when processing a malicious image.

"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals," the company said in an advisory.

The iPhone maker said the bug was internally discovered and that it was addressed with improved bounds checking. The following versions address
the security defect -

iOS 18.6.2 and iPadOS 18.6.2 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation
and later, iPad Air 3rd generation and later, iPad 7th generation and
later, and iPad mini 5th generation and later
iPadOS 17.7.10 - iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
macOS Ventura 13.7.8 - Macs running macOS Ventura
macOS Sonoma 14.7.8 - Macs running macOS Sonoma
macOS Sequoia 15.6.1 - Macs running macOS Sequoia
It's currently not known who is behind the attacks and who may have been targeted, but it's likely that the vulnerability has been weaponised as
part of highly targeted attacks.

With the latest update, Apple has so far fixed a total of seven zero-days that have been abused in real-world attacks since the start of the year: CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025- 31201, and CVE-2025-43200.

Last month, the company also issued patches for a Safari vulnerability residing in an open-source component (CVE-2025-6558) that Google reported
as having been exploited as a zero-day in the Chrome web browser.

https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-
day.html

I don't see a reply to my post on exploited zero-day Android security flaws. --- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.mac.advocacy

On 2025-09-09, Tom Elam <thomas.e.elam@gmail.com> wrote:

On 8/28/2025 4:25 AM, Symon wrote:

Use Apple products at your own risk. Don't fall for the Verizon free
iPhone on us offer. It's junk.

I don't see a reply to my post on exploited zero-day Android security
flaws.

Even if he did reply, it'd be full of his usual lies and insults. 😉

Speaking of zero days, did you see that Apple just announced a huge
security feature called Memory Integrity Enforcement?

<https://security.apple.com/blog/memory-integrity-enforcement/>

Cool stuff!
--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
--- Synchronet 3.21a-Linux NewsLink 1.2