Hacker News new | past | comments | ask | show | jobs | submit login

I was about to post that these exploits should be substantially mitigated by iOS sandboxing (you can get arbitrary code execution, but can't get out of the exploited process's sandbox without a second exploit), but then saw CVE-2016-4627 [1] also in the 9.3.3 release notes, which is a local privilege escalation exploit that allows arbitrary code execution with kernel privileges.

There's not a ton of detail out there on the second exploit, so I'm not sure whether or not they can actually be paired to gain kernel privileges remotely. Still, more than enough reason to take these issues seriously and make sure you upgrade in a timely manner.

[1] http://www.securityfocus.com/bid/91831




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: