Skip to content
Pangu

Pangu

  • Home
  • Xiaomi phones
  • Pangu jailbreak
  • Pangu firmware
  • Telecoms finance
  • Accounts
  • Terms and Conditions
  • Privacy Policy
Watch Online
  • Home
  • Pangu jailbreak
  • Open gap in old systems: Apple’s patch strategy leaves users vulnerable
  • Pangu jailbreak

Open gap in old systems: Apple’s patch strategy leaves users vulnerable

Kelly Choos November 17, 2021 2 min read

A flaw in an older version of macOS that was actively exploited for attacks has led to criticism of Apple’s patching strategy. Security researchers warn that the manufacturer is cradling users of older operating system versions with security updates that still ship in fake security because not all weak spots are by far eliminated.

Spread open for seven months

A vulnerability that was silently plugged in the latest version of macOS 11 Big Sur remained open in the previous version of macOS 10.15 Catalina for over seven months and was actively used for attacks during that time. Malware delivered via manipulated websites could install itself covertly in the browser when the site was visited and without user interaction, as AV company Malwarebytes explains – a “fairly fully equipped backdoor” was introduced smuggled into the victim’s Macs.

The malware apparently targeted activists in Hong Kong. Apple did not submit the patch for macOS 10.15 until after Google security researchers reported the malware campaign to the company.

A serious flaw in the XNU kernel and a vulnerability in the Safari browser substructure, WebKit, was used for this. Apple closed the WebKit gap with a browser update, but the XNU vulnerability was not addressed until February in the most recent version of macOS 11.2 (and iOS 14.4). A reference to the hole, which the Pangu jailbreak hacker team had apparently already reported to Apple earlier this year, was only added by Apple in September – alongside the patch for macOS 10.15 Catalina (and iOS 12) .

No more Macs and me

No more Macs and me

No more Macs and me

No Apple Update Promise

It remains to be seen why Apple fixed the bug so late in the older version of the operating system. macOS 10.14 Mojave had not received any security updates at this point, although the latest version of macOS 12 Monterey is still a few weeks away. It is not clear whether the vulnerability also exists in the XNU kernel of macOS 10.14.

There is no official statement from Apple as to how long OS versions should receive updates. Over the past decade, it has become established that the two versions of macOS preceding the current version will continue to receive security updates for an indefinite period of time. This year, Apple is also offering security updates for the iOS and iPadOS versions from last year for the first time. The “most comprehensive security updates” are only available with iOS 15, according to the manufacturer.


(lb)

Source of the article

Disclaimer: This article is generated from the feed and not edited by our team.

Related posts:

  1. The best way to jailbreak your iPhone or iPod Contact in 2021
  2. Jailbreak – 9to5Mac
  3. New ‘non-patchable’ exploit allegedly discovered on Apple’s Safe Enclave chip, here is what it may imply
  4. Pangu Jailbreak iOS 14 workforce demos at Mosec 2020, launch imminent?
Tags: operating system pangu jailbreak

Continue Reading

Previous: Spyware exploited unpatched Apple vulnerability via activist websites in Hong Kong
Next: How to Fix Connection Errors in Pokémon Unite on Android

Related Stories

How to Remove Search Bar from Taskbar on Windows 10 PC 2022 [Updated] How to Remove Search Bar from Taskbar on Windows 10 PC 2022 [Updated]
2 min read
  • Pangu jailbreak

How to Remove Search Bar from Taskbar on Windows 10 PC 2022 [Updated]

March 30, 2022
How to Run Exodus Kodi 2022 Addon [Updated] How to Run Exodus Kodi 2022 Addon [Updated]
3 min read
  • Pangu jailbreak

How to Run Exodus Kodi 2022 Addon [Updated]

March 15, 2022
How to Fix Windows Update Error Code 0x800705b4 2022 [Updated] How to Fix Windows Update Error Code 0x800705b4 2022 [Updated]
3 min read
  • Pangu jailbreak

How to Fix Windows Update Error Code 0x800705b4 2022 [Updated]

March 15, 2022

Categories

app store ios device ios ios ios jailbreak iphone ipad ipod touch jailbreak ios jailbreak tool operating system pangu jailbreak pangu team running ios united states version ios xiaomi mi

  • Accounts
  • Pangu firmware
  • Pangu jailbreak
  • Telecoms finance
  • Xiaomi phones

Recent posts

Recent Posts

  • 3 Ways to Manage Your Finances

  • We wish Samsung’s foldable phones didn’t mean a slimmer wallet either

  • One UI 5 beta is now available in the US, South Korea and Germany, still only for the Galaxy S22 series

  • Weekly poll: is the OnePlus 10T the one to get or the one to skip?

  • SG Americas Securities LLC sells 11,522 shares of Comtech Telecommunications Corp. (NASDAQ: CMTL)

  • Google contracts production of Pixel 7 and Pixel Foldable to Foxconn

Archives

  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • August 2019
  • June 2019
  • April 2019
  • February 2019
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • May 2018
  • April 2018
  • March 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • August 2014
  • July 2014
  • June 2014
  • January 2014
  • November 2013
  • February 2013
  • December 2012

You may have missed

We wish Samsung’s foldable phones didn’t mean a slimmer wallet either
2 min read
  • Xiaomi phones

We wish Samsung’s foldable phones didn’t mean a slimmer wallet either

August 10, 2022
One UI 5 beta is now available in the US, South Korea and Germany, still only for the Galaxy S22 series
6 min read
  • Xiaomi phones

One UI 5 beta is now available in the US, South Korea and Germany, still only for the Galaxy S22 series

August 9, 2022
Weekly poll: is the OnePlus 10T the one to get or the one to skip?
2 min read
  • Xiaomi phones

Weekly poll: is the OnePlus 10T the one to get or the one to skip?

August 7, 2022
SG Americas Securities LLC sells 11,522 shares of Comtech Telecommunications Corp. (NASDAQ: CMTL)
5 min read
  • Telecoms finance

SG Americas Securities LLC sells 11,522 shares of Comtech Telecommunications Corp. (NASDAQ: CMTL)

August 6, 2022