来 源 丨量子位 （ID： QbitAI ） 作者丨鹭羽 图源丨 midjourney 马斯克又双叒叕把OpenAI告了，这次买一送一，还捎带上了苹果。 最新消息，xAI向 OpenAI 和 苹果 公司正式提起反垄断诉讼，指控苹果在Apple Store里操纵应用排名榜单，偏袒OpenAI和ChatGPT，同时打压马斯克自 家的 Grok 。 网友也确实发现，现在打开苹果商店铺天盖地都是 ChatGPT 的广告： 这也不是马斯克第一次和OpenAI对簿公堂，它家官方估计也是习以为常了，迅速发表回应道： 这次诉讼和马斯克持续的骚扰模式是一致的。 反观苹果这边，现在还在躺尸装死……果真是神仙打架，池鱼遭殃。 马斯克起诉ChatGPT和苹果 在这份长达61页的起诉书中，马斯克指控两家公司于去年签署的合作协议，是在联手垄断AI市场，构成了不正当竞争。 协议规定， 苹果会将ChatGPT集成到iOS、iPadOS和macOS中 ，使其成为苹果设备上唯一的生成式AI聊天机器人。 例如Siri将会在必要时调用ChatGPT输出更复杂、准确的回答，以及ChatGPT将会被嵌入苹果的写作工具中，帮助用户起草生成内容。 基于苹果 ...

鹭羽 发自 凹非寺 马斯克又双叒叕把OpenAI告了，这次买一送一，还捎带上了苹果。 量子位 | 公众号 QbitAI 最新消息，xAI向OpenAI和苹果公司正式提起反垄断诉讼，指控苹果在Apple Store里操纵应用排名榜单，偏袒OpenAI和ChatGPT，同时打压马斯克自家的 Grok。 网友也确实发现，现在打开苹果商店铺天盖地都是ChatGPT的广告： 多个榜单下ChatGPT也是名列前茅，而其它生成式AI应用的身影则寥寥无几。 这也不是马斯克第一次和OpenAI对簿公堂，它家官方估计也是习以为常了，迅速发表回应道： 这次诉讼和马斯克持续的骚扰模式是一致的。 反观苹果这边，现在还在躺尸装死……果真是神仙打架，池鱼遭殃。 马斯克起诉ChatGPT和苹果 在这份长达61页的起诉书中，马斯克指控两家公司于去年签署的合作协议，是在联手垄断AI市场，构成了不正当竞争。 另外，苹果也被指控操纵App Store排名，延迟应用程序更新，让Grok长期处于不利地位。 因此，xAI向OpenAI和苹果寻求数十亿美元的赔偿，并要求法院认定两家公司的合作属于违法行为。 不过有意思的是，在诉讼书里马斯克甚至还暗暗拉踩苹果 ...

鹭羽 发自 凹非寺 量子位 | 公众号 QbitAI 马斯克又双叒叕把OpenAI告了，这次买一送一，还捎带上了苹果。 最新消息，xAI向 OpenAI 和 苹果 公司正式提起反垄断诉讼，指控苹果在Apple Store里操纵应用排名榜单，偏袒OpenAI和ChatGPT，同 时打压马斯克自家的 Grok 。 网友也确实发现，现在打开苹果商店铺天盖地都是 ChatGPT 的广告： 多个榜单下ChatGPT也是名列前茅，而其它生成式AI应用的身影则寥寥无几。 这也不是马斯克第一次和OpenAI对簿公堂，它家官方估计也是习以为常了，迅速发表回应道： 这次诉讼和马斯克持续的骚扰模式是一致的。 反观苹果这边，现在还在躺尸装死……果真是神仙打架，池鱼遭殃。 马斯克起诉ChatGPT和苹果 在这份长达61页的起诉书中，马斯克指控两家公司于去年签署的合作协议，是在联手垄断AI市场，构成了不正当竞争。 协议规定， 苹果会将ChatGPT集成到iOS、iPadOS和macOS中 ，使其成为苹果设备上唯一的生成式AI聊天机器人。 例如Siri将会在必要时调用ChatGPT输出更复杂、准确的回答，以及ChatGPT将会被嵌入苹果的 ...

Apple has reportedly patched a zero-day flaw in its ImageIO framework.By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions .Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.That’s according to a report Friday (Aug. 22) by Dark Reading, which noted this is the latest in ...

RT fawi (@freakyfawi)High net worth individuals in crypto are currently being targeted because of a Zero-Day exploit in the apple ecosystemIf anyone sends you a picture (iOS or macOS), they can drain your walletsUpdate to the newest iOS and macOS versions immediately ...

Apple patched a critical zero-day (CVE-2025-43300) in the ImageIO framework, already exploited in the wild.Update NOW to iOS 18.6.2 / iPadOS / macOS or risk attack via malicious images.Stay safe!https://t.co/KXtasquEsp ...

RT Yishi (@ohyishi)尽快把你的 ios 和 macos 升到最新版。apple 出了个野外 0day 高危洞，不是 poc，有人在用它打，cve-2025-43300。漏洞原理是发你一张特制的图片，就能越界读写内存，顺下去就是直接远程 rce，我看现在已经有人在跑 payload。 ...

Core Insights - Apple has released an urgent update to address a zero-day vulnerability identified as CVE-2025-43300, which was exploited in highly sophisticated targeted attacks [1][3] - The vulnerability was found in the Image I/O framework, and Apple has implemented improved boundary checking measures to mitigate the risk of further exploitation [3] Summary by Categories - **Vulnerability Details** - The zero-day vulnerability CVE-2025-43300 was used in complex targeted attacks against specific individuals [1][3] - There is evidence that hackers have already exploited this vulnerability [3] - **Company Response** - Apple has issued a broad security patch that affects multiple operating systems, including iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8 [3] - Users are advised to install the latest security updates promptly to protect against potential memory corruption risks when handling malicious image files [3]

Data Security - Simply deleting files and emptying the Trash/Recycle Bin is insufficient for secure data removal [1] - A step-by-step guide is available for secure data deletion [1]

Core Viewpoint - The article discusses a significant security vulnerability in macOS/iOS systems that can be exploited through malformed X.509 certificates, leading to Denial-of-Service (DoS) attacks, as revealed by Alibaba Security's research [1][2][3]. Group 1: Research Findings - Alibaba Security, in collaboration with Indiana University, identified a new attack vector using malformed X.509 certificates to detect potential DoS vulnerabilities in cryptographic libraries [2]. - The research led to the discovery of 18 new CVE vulnerabilities and the identification of 12 known CVE vulnerabilities across six major open-source cryptographic libraries and one Apple-specific library [4]. - The findings were presented at the USENIX Security '25 conference and received a nomination for the Pwnie Awards [3]. Group 2: Attack Mechanism - The research highlights that malformed X.509 certificates can trigger DoS attacks by exhausting system resources during certificate parsing and validation processes [7][8]. - Attackers can exploit these vulnerabilities by sending malformed certificates via email or during TLS handshake processes, causing systems to become unresponsive [9][10]. - The study emphasizes that existing cryptographic APIs are often complex and can be misused, leading to security risks even when developers follow guidelines [10][11]. Group 3: Contributions and Tools - The research team conducted a systematic analysis of cryptographic libraries, identifying three new types of DoS risks and proposing malformed X.509 certificates as a universal attack vector [13]. - They developed an automated tool named X.509DoSTool to generate specific malformed certificates and detect corresponding DoS vulnerabilities in cryptographic libraries [28]. - The tool successfully identified new vulnerabilities and demonstrated the feasibility of using malformed certificates to exploit DoS vulnerabilities in real-world scenarios [30]. Group 4: Mitigation Strategies - The article suggests that developers should adopt secure programming practices and be aware of potential security risks when implementing cryptographic libraries [32]. - Recommendations include implementing checks for user inputs, optimizing code for efficiency, and limiting the size of certificates to mitigate potential DoS attacks [33]. - The research advocates for the gradual removal of redundant features in cryptographic libraries to enhance overall security [34]. Group 5: Conclusion - The study underscores the importance of recognizing X.509DoS as a widespread but under-researched security threat, calling for increased attention from the security community [34]. - The research aims to enhance awareness of cryptographic vulnerabilities and inspire further exploration of effective detection and defense mechanisms [34].