Ancestors

Toot

Written by Mysk🇨🇦🇩🇪 on 2024-12-12 at 23:41

The severity level of this bug is critical, 9.8 out of 10. Upgrade your devices.

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2024-54492&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=CISA-ADP

#iOS #iPhone #security #infosec #Apple #cybersecurity

https://mastodon.social/@mysk/113636630798700926

=> More information about this toot | More toots from mysk@mastodon.social

Descendants

Written by x43r0 on 2024-12-13 at 01:25

@mysk do you know why it’s a 9.8? Was it sending the passwords when grabbing the icons?

=> More information about this toot | More toots from x43r0@infosec.exchange

Written by Amir 🥳 on 2024-12-13 at 02:35

Apple fans are downplaying this, but imo this is super concerning.

This is like seeing mold in an otherwise immaculate building.

What’s worse is that Apple doesn’t even allow http for third party apps.

This getting through means there’s no log flow analysis on their apps and possibly not on their phones either? Idk. Not great.

=> More information about this toot | More toots from amir@mastodon.sandwich.net

Proxy Information
Original URL
gemini://mastogem.picasoft.net/thread/113642497986499381