Oddbean new post about | logout
Ava | 5 months ago (raw) | export | reply | flag +17 
 **Apple backports fix for RTKit iOS zero-day to older iPhones**

"Even though Apple has not released details regarding CVE-2024-23296 exploitation, iOS zero-days are commonly used in state-sponsored spyware attacks targeting high-risk individuals, including journalists, dissidents, and opposition politicians."

https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-rtkit-ios-zero-day-to-older-iphones/

That makes **three** zero-days for Apple **exploited in attacks** that have been patched in 2024, in addition to the fact that Apple still hasn't fixed multiple VPN bypass vulnerabilities on iOS...since 2020.

https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/

#cybersecgirl
Leonidas | 5 months ago (raw) | root | parent | reply | flag 
 So, open source (Lineage or Graphene) is actually only way to go?
Ava | 5 months ago (raw) | root | parent | reply | flag +2 
 Cellular networks should definitely be considered compromised networks. I ditched SIMS some time ago. https://jmp.chat/ and MySudo are both good options. 

If a SIM is absolutely necessary for 2FA, silent.link provides international inbound call/text sims that roam on networks, providing more privacy. 

If the service is one of the few that does not accept VOIP/XMPP (Jabber) numbers at first, you can often update to one after the initial text verification.

nostr:nevent1qqsqu7z77d7yc2ycug8sz7f6qhne7pddapze0tayje2xmjz6h04muzcprfmhxue69uhhyetvv9ujumn0wd68yurvv438xtnrdaksygzwhzp3p445ak2ud4n289dn6084txu9ltkg7a53mt75qk5jup2ad5psgqqqqqqsjx225m

As far as the VPN attack, I'm familiar with it. It's just one more reason to use Android/GrapheneOS and Linux/QubesOS. Apple still hasn't fixed multiple VPN bipass vulnerabilities on iOS...since 2020.

nostr:nevent1qqs04f3tg24vy7pe3sayklsaked0yn8qk3dyy36thp0dtl5fjnwgxjgpr3mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmqzyp8t3qcs666wm9wx6e4rjkea8n64nwzl4my0w6ga4l2qt2fwq4wk6qcyqqqqqqg028t4c
IzamaniC | 5 months ago (raw) | root | parent | reply | flag 
 Thanks for this info
Ava | 5 months ago (raw) | root | parent | reply | flag 
 I was once an Apple user, so I get it. Unfortunately Apple have so many other issues though, not the least of which are the multiple VPN bypass vulnerabilities they still haven't patched on iOS since 2020.

nostr:nevent1qqs04f3tg24vy7pe3sayklsaked0yn8qk3dyy36thp0dtl5fjnwgxjgpr3mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmqzyp8t3qcs666wm9wx6e4rjkea8n64nwzl4my0w6ga4l2qt2fwq4wk6qcyqqqqqqg028t4c