Hacker News new | ask | show | jobs
by yb6677 370 days ago
There isn’t much technical details there either. They list the servers it connected to and log entry but that’s it.

It mentions a CVE number but the apple link is generic and mo details on the CVE database.

Has this even been fixed by apple?
2 comments
tonyhart7 370 days ago
we talking about state sponsored actor with zero day vuln here

You would not find info anywhere

link
Thorrez 370 days ago
It's no longer a zero day if Apple already patched it.
link
lcnPylGDnU4H9OF 370 days ago
Just for the sake of being more precise...

On the “vulnerability” it could be considered a zero-day because there was a real exploit against it prior to the exploit being reported by security researchers. It could also be considered not a zero-day because the software vendor is aware of the vulnerability such that no other real exploit of it, regardless of it being patched, will occur on the same day that they learn of it.

It’s kinda moot that it’s been patched. Even if they somehow failed to patch it since the exploit, it is no longer a zero-day vulnerability. But, to your point, knowing that it has been patched is practically (obviously) the same as knowing that the software vendor is aware of the vulnerability.

(Funny enough, they could be aware of it and it still be a zero-day since the definition is how many days have past since the vendor learned of it prior to it being exploited. Though, it would need to be exploited after they learn about it but before they patch it, which is unlikely.)

link
phendrenad2 370 days ago
Why not?
link
9935c101ab17a66 369 days ago
I replied to the parent comment with the info I found:

https://news.ycombinator.com/item?id=44274249

Tl;DR: yes, this was resolved in iOS 18.3.1

link