← Back to context

Comment by yb6677

1 day ago

There isn’t much technical details there either. They list the servers it connected to and log entry but that’s it.

It mentions a CVE number but the apple link is generic and mo details on the CVE database.

Has this even been fixed by apple?

5 comments

yb6677

Reply

tonyhart7 1 day ago

we talking about state sponsored actor with zero day vuln here

You would not find info anywhere

Thorrez 1 day ago
It's no longer a zero day if Apple already patched it.
- lcnPylGDnU4H9OF 1 day ago
  
  Just for the sake of being more precise...
  On the “vulnerability” it could be considered a zero-day because there was a real exploit against it prior to the exploit being reported by security researchers. It could also be considered not a zero-day because the software vendor is aware of the vulnerability such that no other real exploit of it, regardless of it being patched, will occur on the same day that they learn of it.
  It’s kinda moot that it’s been patched. Even if they somehow failed to patch it since the exploit, it is no longer a zero-day vulnerability. But, to your point, knowing that it has been patched is practically (obviously) the same as knowing that the software vendor is aware of the vulnerability.
  (Funny enough, they could be aware of it and it still be a zero-day since the definition is how many days have past since the vendor learned of it prior to it being exploited. Though, it would need to be exploited after they learn about it but before they patch it, which is unlikely.)
phendrenad2 1 day ago

Why not?

9935c101ab17a66 10 hours ago

I replied to the parent comment with the info I found:

https://news.ycombinator.com/item?id=44274249

Tl;DR: yes, this was resolved in iOS 18.3.1