Post 9vJYCh8pw3pta2lAEC by Shufei@mastodon.sdf.org
(DIR) More posts by Shufei@mastodon.sdf.org
(DIR) Post #9vIvUN63IvMwPctZUe by leip4Ier@infosec.exchange
2020-05-22T12:11:11Z
0 likes, 0 repeats
> Apple security updates> iOS 13.5 and iPadOS 13.5 (details available soon)why they didn't publish a detailed description yet? does that update contain a fix for an easy-to-exploit vulnerability that can't be disclosed until enough people update?
(DIR) Post #9vIvXkQr03BzefEdQu by wolf480pl@mstdn.io
2020-05-22T12:11:47Z
0 likes, 0 repeats
@leip4Ier from vendors' point of view, all vulns are either easy-to-exploit, or unpatched
(DIR) Post #9vIvesYbBq14sgG3s0 by leip4Ier@infosec.exchange
2020-05-22T12:13:06Z
0 likes, 0 repeats
@wolf480pl iirc i'd never had to wait for these descriptions, though i may be mistaken
(DIR) Post #9vJ3mRent0x3P0HMbQ by siliconshecky@infosec.exchange
2020-05-22T13:44:07Z
0 likes, 0 repeats
@leip4Ier I think one thing is the COVID tracking system is in it, plus there is supposed to be a fix for that last big Vuln in the mail app that goes back years.
(DIR) Post #9vJDmti4aOZxwpf9Oa by leip4Ier@infosec.exchange
2020-05-22T15:36:15Z
0 likes, 0 repeats
@siliconshecky i think they mentioned contact-tracing stuff in general release notes, these are about security fixes only. i don't think they'd wait to announce a fix for a well-known vulnerability, so i wonder if there's something more interesting.
(DIR) Post #9vJMxtYGPiIqEKORv6 by siliconshecky@infosec.exchange
2020-05-22T17:19:04Z
0 likes, 0 repeats
@leip4Ier I doubt it. Apple hates posting the security notes as it is. Hide it better by releasing them late today or over the holiday weekend just to keep eyes off it.
(DIR) Post #9vJNwi0zv9M67Apd7A by fallenhitokiri@infosec.exchange
2020-05-22T17:30:02Z
0 likes, 0 repeats
@leip4Ier a jailbreak for 13.5 seems ready to go, so there’s a chance they delay for security by obscurity
(DIR) Post #9vJY8fjjDWng44661Q by leip4Ier@infosec.exchange
2020-05-22T19:24:16Z
0 likes, 0 repeats
@fallenhitokiri a new jailbreak? haven't heard of it, how bad is it? >.>
(DIR) Post #9vJYCh8pw3pta2lAEC by Shufei@mastodon.sdf.org
2020-05-22T19:24:53Z
0 likes, 0 repeats
@leip4Ier My immediate thought is to the supposedly Covid surveillance system.
(DIR) Post #9vJYGyJI2qejzCgkoS by leip4Ier@infosec.exchange
2020-05-22T19:25:46Z
0 likes, 0 repeats
@Shufei but they mentioned it in general update notes, these are about security
(DIR) Post #9vJYPd0kbTu0XD91yC by Shufei@mastodon.sdf.org
2020-05-22T19:27:08Z
0 likes, 0 repeats
@leip4Ier Right, they may have quibbles about the stability of it.
(DIR) Post #9vJYYTBKWByceiJDXc by fallenhitokiri@infosec.exchange
2020-05-22T19:28:57Z
0 likes, 0 repeats
@leip4Ier I did not follow the development closely, but one is a hardware bug and there seem to be online jailbreaks on the way. check PikZo & CHeckra1n
(DIR) Post #9vJZ8CKSeaOYoScHnE by leip4Ier@infosec.exchange
2020-05-22T19:35:23Z
0 likes, 0 repeats
@fallenhitokiri oh, checkra1n is a relatively old one, and that vulnerability isn't too bad. i was worried there'd be something scarier (though it seems like there is, just not that well-known). thanks!
(DIR) Post #9vJacPqj3893O4gHIm by fallenhitokiri@infosec.exchange
2020-05-22T19:52:03Z
0 likes, 0 repeats
@leip4Ier yep - curious when it’s released what’s going on. The missing release notes make me a bit uneasy tbh
(DIR) Post #9vJaooy5U5xalb2W2a by leip4Ier@infosec.exchange
2020-05-22T19:54:18Z
0 likes, 0 repeats
@fallenhitokiri i didn't wanna update until they fix the bugs they introduced in 13.4, but yeah, now i don't know if it's better to update now
(DIR) Post #9vJbGj1nACrKS44u00 by fallenhitokiri@infosec.exchange
2020-05-22T19:59:21Z
0 likes, 0 repeats
@leip4Ier 13.5 on my test devices worked as well as 13.4 - at least it didn’t seem like a regression :/