In other words, in-the-wild spyware that was used in at least some targeted attacks. So the smart money is saying, even though Apple didn’t explicitly mention this in their security bulletins, that this is yet another fix related to that so-called Triangulation Trojan. Namely that the zero-day fixed in the Rapid Response part was in WebKit, and was attributed to “an anonymous researcher”.

And the zero-day now patched in the kernel was attributed to Russian anti-virus outfit Kaspersky, who famously reported that they’d found a bunch of zero-days on their own executives’ iPhones, presumably used for a spyware implant. So, even if you’re fearful of Rapid Responses, you will get those fixes later, if not sooner.

And the zero-day in WebKit (that was the Rapid-Response-patched thing) has now been accompanied by a zero-day fix for a kernel-level hole.

And there are some (how can I put it?) “interesting co-incidences” when you compare it with Apple’s last major security upgrade back in June 2023. You’re right, the idea of these Rapid Responses is they do eventually make it into the full upgrades, where you get a full new version number. …there was an update with version (a), which is how they denote the first one, then there was a problem with that (browsing to some websites that weren’t parsing User-Agent strings properly).

And so Apple said, “Oh, don’t worry, we’ll come out with version (b) in a bit.”

And then the next thing we saw was version (c). If you remember that Rapid Response, like you said… Well, that patch is now part of a full update, and one which actually patched a second zero-day as well, Paul.

Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day

It was there, it wasn’t there, what happened to it? We’ve talked several times now about Apple’s second Rapid Response patch. The word Lua means ‘moon’ in Portuguese.

Alright, let’s stay on the subject of code.
(Speaking technically, functions are first-class objects in the language, so you can do all sorts of neat stuff that you can’t do with more traditional languages like C.)

And I often use it for what would otherwise be pseudocode in Naked Security articles.

Because (A) you can copy-and-paste the code and try it out for yourself if you want, and (B) it is actually surprisingly readable, even for people who aren’t familiar with programming. It’s got some lovely characteristics: it’s a very easy language to learn; it’s a very easy language to read; and yet you can even write programs in functional style. It’s what I like to call a “lean, mean fighting machine”. I use it quite extensively for my own scripting. Paul, you use Lua in some of the Naked Security articles, if I’m not mistaken. Lua is used in apps such as Roblox, World of Warcraft, Angry Birds, web apps from Venmo and Adobe, not to mention Wireshark, Nmap, Neovim, and zillions more widespread scriptable apps. Well, let’s talk about July in our This Week in Tech History segment.

28 July 1993 brought us version 1.0 of the Lua programming language.

And even if you’ve never heard of the Little Language That Could, you’ve probably benefitted from it. Apple patches, security versus performance, and hacking police radios.

All that, and more, on the Naked Security podcast.

DOUGLAS.