• Re: An iOS zero-click radio proximity exploit odyssey

    From Arlen Holder@arlen_holder@newmachines.com to misc.phone.mobile.iphone,comp.mobile.ipad,comp.sys.mac.system,comp.sys.mac.advocacy on Saturday, December 05, 2020 00:38:09
    From Newsgroup: comp.sys.mac.system

    On Fri, 4 Dec 2020 19:02:52 -0500, JF Mezei wrote:

    (the kernel, no matter how privileged it might be, has no privileges when talking to secure enclave)

    Hi JF Mezei,

    Regarding Ant's recent doublepost of my news-breaking thread (as always)
    o An iOS zero-click radio proximity exploit odyssey, by Ant <https://groups.google.com/g/misc.phone.mobile.iphone/c/gJYr-XnRsr8>

    Adults will comprehend the significance of this direct quote:
    "AWDL can be remotely enabled on a locked device using the same attack,
    as long as it's been unlocked at least once after the phone is powered
    on. The vulnerability is also wormable; a device which has been
    successfully exploited could then itself be used to exploit further
    devices it comes into contact with."

    You're not an apologist, so your question is the first adult post to Ant's thread, where the apologistic morons who posted each proved instantly that
    they can't even comprehend the news articles at an adult level.

    I trust you comprehend the adult content in this quote from the blog:
    "As things stand now in November 2020, I believe it's still quite possible
    for a motivated attacker with just one vulnerability to build a
    sufficiently powerful weird machine to completely, remotely compromise
    top-of-the-range iPhones."

    Given Google proved iOS has never been sufficiently tested (since at least
    iOS 4), it shouldn't even be hard for a well-funded player to pwn iOS.

    A VICE article from 2018 gives a good overview of Azimuth vulnerabilities:
    o Inside the secretive industry that helps government hackers get around encryption.
    <https://www.vice.com/en/article/8xdayg/iphone-zero-days-inside-azimuth-security>

    Keep in mind it was a _single_ bug that allowed full & complete access!
    "a single buffer overflow programming error in C++ code in the kernel
    parsing untrusted data"

    The Google researcher exploited Apple's own snafus and fuckups, in fact, because in 2018, Apple published (by accident, the morons) an iOS beta
    without stripping out the function name symbols.
    o <https://twitter.com/s1guza/status/1093424833088622592>

    Hence, the researcher (and all hackers on the planet) knew about this:
    o IO80211AWDLPeer::parseAwdlSyncTreeTLV

    The bored engineer surmised this related to the Wi-Fi Apple Wireless Direct Link which is most likely used by AirDrop amongst other things.

    Then, this bored engineer looked at the error message string:
    o "Peer %02X:%02X:%02X:%02X:%02X:%02X: PATH LENGTH error hc %u calc %u\n"

    Please notice the "LENGTH" error!!!!!!!!!!
    o Then note, it didn't work (the checks weren't even written, it seems!).

    Literally, the Google coder said "bugs this shallow tend to not work out"

    And then, when he was shocked to find out that they did, he exclaimed:
    o "Can it really be this easy?"

    Since you're not an apologist, JF Mezei, you won't simply deny out of hand
    all facts you simply don't like about Apple's lack of iOS testing, nor will
    you blame Google for Apple's bugs, nor, we hope, as a final defense to
    facts, resort to the typical Type III apologists' ad hominem attacks
    against anyone bearing facts about Apple products they simply don't like.

    The bored engineer patiently explained why the apologists missed the point:
    "As things currently stand, there are probably just too many good
    vulnerabilities for any of these mitigations to pose much of a challenge
    to a motivated attacker. And, of course, mitigations only present in
    future hardware don't benefit the billions of devices already shipped
    and currently in use."

    BTW, what do you think the bored Google engineer suggested Apple do?
    1. Clean up its iOS _core_ code which he said dates to 1985!
    2. Invest in modern best practices (Apple is all marketing & low R&D)!
    3. Actually _test_ the code for God's sake, instead of just "fuzzing"!

    If there are _any_ adults on this newsgroup, those three recommendations
    are clearly stated at the bottom of the guy's 30K word blog as his recommendation to Apple to invest at least _something_ in iOS testing! <https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html>

    All quotes are verbatim from referenced articles in this canonical thread:
    o Yet again (it never ends) hackers exploit untested iOS insecurities <https://groups.google.com/g/misc.phone.mobile.iphone/c/7Mc1sX9XISA>
    --
    The shocking thing is not that it was so easy, but that more clearly exist.
    --- Synchronet 3.18b-Win32 NewsLink 1.113
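The bug class the post above is arguing about (a kernel TLV parser copying attacker-controlled data into a fixed buffer, with a "length" check that does not actually bound the copy) is easier to reason about with a concrete parser in front of you. The following is an added example written for this page, not code from the Project Zero blog and not Apple's AWDL code: the TLV layout (1-byte type, 2-byte little-endian length, value), the 10-entry buffer size, the alignment-only check in the vulnerable variant, and all function names are assumptions chosen for illustration. The vulnerable parser and its hardened twin sit side by side; the demo backs the vulnerable parser with a deliberately oversized arena so that its out-of-bounds write stays inside real memory and can be observed rather than crashing.

```c
/* Constructed illustration of a TLV parser that copies an attacker-controlled
 * number of MAC addresses into a fixed-size buffer. Hypothetical layout and
 * names; NOT Apple's code and NOT the Project Zero exploit. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAC_LEN          6
#define MAX_TREE_ENTRIES 10                          /* assumed fixed buffer: 10 MACs */
#define TREE_BUF_LEN     (MAX_TREE_ENTRIES * MAC_LEN)
#define TLV_HDR_LEN      3                           /* type(1) + length(2, LE), assumed */
#define ARENA_LEN        (4 * TREE_BUF_LEN)          /* oversized backing store, demo only */

/* Decode a [type][len16][value] header and check the value lies inside the frame. */
static int tlv_header(const uint8_t *buf, size_t buf_len,
                      size_t *val_len, const uint8_t **val)
{
    if (buf_len < TLV_HDR_LEN)
        return -1;
    *val_len = (size_t)buf[1] | ((size_t)buf[2] << 8);
    if (*val_len > buf_len - TLV_HDR_LEN)
        return -1;
    *val = buf + TLV_HDR_LEN;
    return 0;
}

/* VULNERABLE: checks that the value is MAC-aligned, never that it fits in tree.
 * Returns the number of entries copied, or -1 on malformed input. */
int parse_sync_tree_unchecked(const uint8_t *frame, size_t frame_len, uint8_t *tree)
{
    size_t len; const uint8_t *val;
    if (tlv_header(frame, frame_len, &len, &val) != 0)
        return -1;
    if (len % MAC_LEN != 0)                          /* the only "length" check */
        return -1;
    memcpy(tree, val, len);                          /* len is attacker-controlled */
    return (int)(len / MAC_LEN);
}

/* HARDENED: identical, plus an upper bound tied to the destination size. */
int parse_sync_tree_checked(const uint8_t *frame, size_t frame_len, uint8_t *tree)
{
    size_t len; const uint8_t *val;
    if (tlv_header(frame, frame_len, &len, &val) != 0)
        return -1;
    if (len % MAC_LEN != 0 || len > TREE_BUF_LEN)    /* reject what cannot fit */
        return -1;
    memcpy(tree, val, len);
    return (int)(len / MAC_LEN);
}

/* Build a constructed sync-tree TLV carrying n_entries fake MACs ("ABCDEF"...).
 * Returns the total frame length, or 0 if it does not fit in out. */
size_t build_sync_tree_tlv(uint8_t *out, size_t out_len, unsigned n_entries)
{
    size_t val_len = (size_t)n_entries * MAC_LEN;
    if (val_len > 0xFFFF || out_len < TLV_HDR_LEN + val_len)
        return 0;
    out[0] = 0x14;                                   /* hypothetical type id */
    out[1] = (uint8_t)(val_len & 0xFF);
    out[2] = (uint8_t)(val_len >> 8);
    for (size_t i = 0; i < val_len; i++)
        out[TLV_HDR_LEN + i] = (uint8_t)('A' + i % MAC_LEN);
    return TLV_HDR_LEN + val_len;
}

/* Feed n_entries MACs to the hardened parser; returns its result. */
int run_checked(unsigned n_entries)
{
    uint8_t frame[ARENA_LEN + TLV_HDR_LEN], tree[TREE_BUF_LEN];
    size_t n = build_sync_tree_tlv(frame, sizeof frame, n_entries);
    return parse_sync_tree_checked(frame, n, tree);
}

/* Feed n_entries MACs to the vulnerable parser, whose "tree" is the first
 * TREE_BUF_LEN bytes of a zeroed arena of ARENA_LEN so the demo stays in-bounds. */
static int unchecked_into_arena(unsigned n_entries, uint8_t *arena)
{
    uint8_t frame[ARENA_LEN + TLV_HDR_LEN];
    size_t n = build_sync_tree_tlv(frame, sizeof frame, n_entries);
    memset(arena, 0, ARENA_LEN);
    return parse_sync_tree_unchecked(frame, n, arena);
}

int run_unchecked(unsigned n_entries)
{
    uint8_t arena[ARENA_LEN];
    return unchecked_into_arena(n_entries, arena);
}

/* Index of the first byte the vulnerable parser wrote past the nominal buffer,
 * or -1 if the copy stayed inside TREE_BUF_LEN. */
int unchecked_spill_offset(unsigned n_entries)
{
    uint8_t arena[ARENA_LEN];
    unchecked_into_arena(n_entries, arena);
    for (size_t i = TREE_BUF_LEN; i < ARENA_LEN; i++)
        if (arena[i] != 0)
            return (int)i;
    return -1;
}

int main(void)
{
    for (unsigned n = 10; n <= 20; n += 10)
        printf("%2u MACs: checked=%3d unchecked=%3d first byte past buffer=%d\n",
               n, run_checked(n), run_unchecked(n), unchecked_spill_offset(n));
    return 0;
}
```

Ten entries pass both parsers; twenty entries (120 bytes into a 60-byte buffer) are rejected by the hardened parser but accepted by the vulnerable one, which writes its first out-of-bounds byte at offset 60. The point to take from it: a check on the *shape* of a length (alignment, "is it a multiple of 6") is not a check on its *bound*, and a fuzzer that only ever generates well-formed short TLVs will never tell the two apart.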
  • From Arlen Holder@arlen_holder@newmachines.com to misc.phone.mobile.iphone,comp.mobile.ipad,alt.cellular,alt.privacy,comp.sys.mac.system on Saturday, December 05, 2020 03:41:15
    From Newsgroup: comp.sys.mac.system

    On Sat, 5 Dec 2020 02:11:36 -0000 (UTC), Lewis wrote:

    Do you mean to say "FUD bullshit I made up"? Because otherwise, you will
    need to cite something to back up your "understanding" because you have
    a proven track record of making shit up.

    To any adults on this newsgroup,

    Notice the _only_ person who posted an _adult_ query was JF Mezei
    o JF Mezei is, understandably, concerned at how easy this hack was

    One bug, and the entire iOS device was open to the world.
    o Worse, it's a common bug - which is a "buffer overflow"

    Who knew it was so trivial to pwn any iPhone you want
    o With a wormable zero click exploit, no less.

    Remember, in the Google blog, the guy says, literally, & I quote:
    o "Can it really be this easy?"

    And yes, it was that easy.
    o No wonder hackers _stopped_ accepting iOS zero-day flaws already

    There are just too many of them in the wild already.

    He basically said Apple has never tested this code
    o Much of which is core iOS code dating back to 1985 (he said)

    Didn't this Lewis moron even _read_ the Google blog before denying facts?
    o Why are these Type III apologists all so consistently Quadrant 1 DK?

    Alan Baker, Lewis, Jolly Roger, Joerg Lorenz, BK, Chris, et al.
    o They're all shockingly confident in their own sordid sea of ignorance

    Didn't _anyone_ in this entire newsgroup even _read_ the Google report?
    o It basically assesses this was so simple - many similar flaws must exist.
    --
    Read the report before you claim that this is "no big deal" please.