Is Big Sur 11.6.8 vulnerable to the latest MAJOR zero day security issues in Webkit!? 8/19/22

There is very little practical risk to any of these “exploits”. There is an industry of social media influencers and Apple’s major competitors who look for Apple security bugs for a living. Then, when they find something, no matter how small, they extort Apple into releasing an update or else they will publish their exploits.

There is no risk to individual users. Apple doesn’t mind because it drives people to update their systems and buy new hardware. So it is a win-win-win for everyone, except Apple users.

Hawkey22 wrote:

Thanks for your input, I am not a cyber security or tech person but this sounds more than a harmless gap:

If you are not a cyber security or tech person, then how would you be able to make that determination? Those social media stories are crafted by experts, experts in social manipulation, to influence your opinions and control your actions. Don’t kid yourself. They are very good at what they do.

You should update your devices when Apple publishes new versions. But you don’t have to be worried about it. Apple has the real cyber security and tech experts. You can trust them much more than anything you read in the internet.

Part of the problem lies in WebKit (the Javascript engine, specifically) and they updated that for all OS back to Catalina. My guess is that WebKit allowed to exploit a hole in the kernel and they plugged both in Monterey and only the Safari 'access' part in the older ones for now (but later security updates might fill the hole in the kernel as well).

You already called Apple and thus we know Big Sur (and probably previous ones) isn't vulnerable at kernel level, but Firefox doesn't use WebKit (it's the only 'big' one out there that doesn't in one way or another, so handy to keep around), so it might very well be that Firefox also is capable of triggering the exploit (on Monterey only), but it is impossible to know or guess.

Hawkey22 wrote:

Apple also stops updating older products

But they don't stop selling new ones!

Do you know all about the current Webkit exploits? Can you be 100% sure that "There is no risk to individual users. " Based on all applications that an individual maybe involved in? That is a pretty bold statement.

Well if I'm wrong, then you need to turn off and stop using all of your Apple products immediately. These stories go viral easily every month. Do I know about all he current Webkit exploits? No, I don't. Neither do I care. Aren't you concerned about the exploits that haven't been published yet? How do you know there aren't active exploits in the wild right now that nobody knows about? By your logic, there is only one 100% guaranteed safe option - turn off the device and keep it off. If you do anything else, then that's on you. You are the one taking the big risk.

Hawkey22 wrote:

Can you be 100% sure that "There is no risk to individual users. "

Nothing is certain in life. However, with approx. 7.97 billion people in the world, I'm not too concerned I will be targeted.