
Why isn't there basic information available on this CVE? What version range is affected? What applications or system utilities are affected? Is it remotely exploitable or local only? Does it require elevated privileges?

This is the level of support you get from a trillion dollar company?



This is always the same, they usually reveal this information a few days after the release is made. For two reasons: 1. they don't want to hand out this information to attackers until a significant chunk of their users has updated; 2. they may also be preparing updates for users who are not on the latest macOS/iOS versions (as they usually do).

> This is the level of support you get from a trillion dollar company?

Apparently they care about their users not getting exploited. Remember that many macOS/iOS users are not subscribed to the debian-security list and running apt-get update ; apt-get dist-upgrade twice a day.


The level of support is: install this update if you want to be secure. The idea is that you don’t need to know all that other information. Install the update to be secure.


>The level of support is: install this update if you want to be secure.

That is as useless as it is passive aggressive to someone who needs to plan and prioritize updates on a large number of machines. Pissing off your current customers with shitty support is a good way to lose future business though.


You don’t need to plan and prioritize these updates. You can only install them in one order and the proper time is now.

If this pisses you off you’re not Apple’s target audience.


Apple’s criteria was that these were important enough to fix that they released an out-of-stream OS update for them.


> What version range is affected?

Good question.

> What applications or system utilities are affected? Is it remotely exploitable or local only? Does it require elevated privileges?

I thought it was clear. Any report not saying a vulnerability requires elevated privileges means it doesn't. An application means any application. WebKit means possibly anything with WebKit including 3rd party apps. Applications are local. Web content can be remote. Combining exploits could give you kernel privileges remotely.


>I thought it was clear.

>An application means any application.

This is an "actively exploited" zero day bug which means there would be specific applications written to exploit this bug. Which application(s) did that? Who specifically crafted their application to exploit the OS X kernel?


> This is an "actively exploited" zero day bug which means there would be specific applications written to exploit this bug. Which application(s) did that? Who specifically crafted their application to exploit the OS X kernel?

It said Apple is aware of a report that this issue may have been actively exploited. Not aware it was. And possibly any WebKit application can be exploited and used to exploit the kernel.


How much support do you get from Google on Android issues? Or any issue? Or anything, really?


The Android security bulletins are pretty straightforward and include links to the actual patches: https://source.android.com/docs/security/bulletin/2022-07-01...


This thread isn't about Google or Android. So stop with the what about this and that crap.

What they do doesn't excuse Apple anyways.


Generally agree that whataboutism is often unhelpful and how Google operates doesn't excuse Apple but that's not what was asked. The question was "This is the level of support you get from a trillion dollar company?", so someone coming in and pointing out that it's the same or worse at other trillion dollar companies is answering the question.



