Free Republic
Browse · Search
Smoky Backroom
Topics · Post Article

To: Swordmaker; antiRepublicrat; RachelFaith; stripes1776
Words MEAN things, Puget...

Yes, they do. You made a BLANKET STATEMENT that ACEs are not a problem for iOS.

THIS SPECIFIC VULNERABILITY CANNOT IMPACT iOS... UNLESS YOU CAN SHOW ME ADOBE FLASH AND ADOBE ACROBAT READER APPS FOR iOS THEN YOU ARE LYING.

BS. I'm not the one that made the QUOTED BLANKET STATEMENT.

There is no current jail breaking by the use of PDF. That exploit was CLOSED four weeks ago.

But there were, and it was an Arbitrary Code Execution exploit, right? In bone-stock Apple code only.

Can you admit that an arbitrary code execution exploit was used to completely root a phone with no interaction from the customer other than going to a website? That an ACE exploit can totally root your OS?

Can you, Sword?

Finally, I have never said that an ACE cannot work on an iOS..

And here you are, lying about your lie. I give you this:

In the case of OSX and iOS, PDFs are usually read by native, non-Adobe, routines built into the OS... so they are not at risk either.

We've seen them for iOS, and we've seen that the native routines were susceptible when Adobe's routines were not. ACE exploits allow ownership of iOS. There are undoubtedly many more, not being used right now (that you know of...) as there is a history of ACEs in PDF readers written by Adobe. Can you admit that?

Oh, and your little statement about it not being possible to attack OSX this way? Sorry, you're wrong, it's happened in the past. And there are many, many more ACE exploits that will compromise OSX, per Apple's own statements about those holes.

And it will definitely happen again in the future. Only a shill of the highest order would deny any type of attack or hole in an OS.

And what's with copying a bunch of other people on your failed defenses? Is it because you're hoping someone else will bail you out?

191 posted on 09/16/2010 8:58:06 AM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 187 | View Replies ]


To: PugetSoundSoldier; Swordmaker; antiRepublicrat; RachelFaith
And here you are, lying about your lie.
Only a shill of the highest order would deny any type of attack or hole in an OS.

PugetSoundSoldier -- your language is completely inappropriate on these threads. Name calling is absolutely inappropriate. Clean up your language or I will call in a moderator.

194 posted on 09/16/2010 9:39:18 AM PDT by stripes1776
[ Post Reply | Private Reply | To 191 | View Replies ]

To: PugetSoundSoldier; antiRepublicrat; RachelFaith; stripes1776
Can you admit that an arbitrary code execution exploit was used to completely root a phone with no interaction from the customer other than going to a website? That an ACE exploit can totally root your OS?

I JUST DID, PUG! I would use a much stronger epithet for you, but I am trying hard to be civil to you—you don't deserve it, considering your name calling and insults to me, but this forum does.

READ WHAT I WROTE!

Why do you want people to think you are an idiot, incapable of reading what was written? If I wrote that an exploit NO LONGER WORKS—and admitted that it DID work—don't you think that is an ADMISSION? GOOD GRIEF! Quit MISREPRESENTING WHAT I SAID!

Oh, and your little statement about it not being possible to attack OSX this way? Sorry, you're wrong, it's happened in the past. And there are many, many more ACE exploits that will compromise OSX, per Apple's own statements about those holes.

Reporting "vulnerabilities" with a POSSIBLE ACE is not an EXPLOIT... when not one exploit has ever been reported is not "it's happened in the past," Puget, as much as you wish it has happened... or scream and shout that it HAS HAPPENED.

That's like saying that just because you can break down the glass door to the bank, you can also then just walk into the closed and locked vault. The theoretical (and that's all that it is) vulnerability merely opens the door for an event TO possibly happen, because one part of the defenses may have been compromised. But the ACE is STOPPED by another line of protection in place designed to prevent this exact scenario. In this event it is stopped by the fact that the malicious file (from your link) MUST be in the data stack for PREVIEW to act on, because it is DATA... and the Data stack is a NON-EXECUTE memory location and the OS prevents anything in the Data stack from executing code. ERGO, the malicious code in the "PDF opened by Preview" cannot execute.

That is a fact... regardless what the standard boilerplate legal phrasing in the CVE report says. Unless you can show me an actual EXPLOIT using this vulnerability in the wild, you cannot claim "it's happened in the past." The CVE itself merely states: "Successful exploitation may allow execution of arbitrary code..." They phrase it that way for a specific reason. They state it that way because the listing agency DOES NOT KNOW THAT IT WILL, and includes that line in all CVEs to cover their legal asses. Again, Pug, words mean things... and in this instance the word "may" is very important... it does not say "WILL!" Tell the truth, and quit claiming a "vulnerability" is an "exploit." The difference is the difference between truth and FUD.

228 posted on 09/16/2010 4:37:33 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone!)
[ Post Reply | Private Reply | To 191 | View Replies ]
