from Hacker News

PEGASUS iOS Kernel Vulnerability Explained

by ssclafani on 9/2/16, 3:17 PM with 17 comments

  • by yborg on 9/2/16, 6:44 PM

      Because we at SektionEins believe keeping the public in the dark about details of already fixed vulnerabilities is wrong...

  ...use our private jailbreak...
    i.e. your undisclosed vulnerabilities bad, my undisclosed vulnerabilities are cool.

    Useful analysis, but casting a marketing endeavor as a public service is rather disingenuous.

  • by whoopdedo on 9/2/16, 7:57 PM

    Once again demonstrating that the term "zero day" is horribly overused and misused and probably should be eliminated from the lexicon, the OSUnserializeBinary bug doesn't appear to be new. Brandon Azad[1] says he discovered it last year. It was fixed in OS X in May. Or maybe the fix didn't work since they had to make another patch this week.

    [1] https://bazad.github.io/2016/05/mac-os-x-use-after-free/

  • by a2tech on 9/2/16, 6:39 PM

    Did these guys just admit they have their own private jailbreak? That seems like something you'd keep quiet

  • by klue07 on 9/2/16, 6:31 PM

    Apple also released a fix for OS X with its latest update.

    https://support.apple.com/en-us/HT207130

  • by reiichiroh on 9/2/16, 10:30 PM

    Realistically, is this in the wild under active exploit? With the likelihood of infection remote unless one is a UAE-targeted activist?

  • by stevenh on 9/2/16, 7:45 PM

    Are people who never install new apps on their Mac safe without updating for now, or can this be exploited over the web?