Ask HN: What happened to Apples “rapie response” security updates

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Webkit Browser Web JavaScript MacOS

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • WebKit

    Home of the WebKit project, the browser engine used by Safari, Mail, App Store and many other applications on macOS, iOS and Linux.

    • The current CVE seems to be related to the InjectedBundle API, which also allows IndexedDB access. Back in 2021 there was the "history leaking" bug where you could write a little JS code to access the devtools whose window shared the IndexedDB with the rest of all tabs (and cookies, and userdata etc).

    If you take a look at the recent WebKit commits, it seems like there were a bunch of bugs related to the InjectedBundle, that's why I am assuming it might be a critical RCE that results in yet another use after free in the IndexedDB or related code.

    [1] https://googleprojectzero.github.io/0days-in-the-wild/0day-R...

    [2] https://github.com/WebKit/WebKit/commits

    (see also the other release versions, not only main branch)

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Disabling iOS Personalized Ads tells kernel to kill daemon every 3 seconds

    3 projects | news.ycombinator.com | 24 Nov 2023

  • Apple's Safari browser is still vulnerable to Spectre attacks

    1 project | news.ycombinator.com | 30 Oct 2023

  • iLeakage: Browser-Based Timerless Speculative Execution Attacks on Apple Devices

    3 projects | news.ycombinator.com | 25 Oct 2023

  • WebKit implements canvas noise injection

    1 project | news.ycombinator.com | 23 Aug 2023

  • Mozilla Standards Positions Opposes Web Integrity API

    3 projects | news.ycombinator.com | 24 Jul 2023