“iPhones Running iOS 14.6”I can't imagine that newer iPhone models and newer iterations of iOS are being affected with such ease. Especially a no-click infection.
Imagine more. Read more.
“iPhones Running iOS 14.6”I can't imagine that newer iPhone models and newer iterations of iOS are being affected with such ease. Especially a no-click infection.
I know. But the original comment was Apple being last but better.FYI, iPhone preceded Android.
Ok, all opinion.Apple's only got itself to blame.
iMessage was a festering cesspit of vulnerability since they added all this nonsense, emojos, apps (!!!) - well adding apps and an app API to your messsaging is a guaranteed way to open it up to all sorts of vulnerabilities
apple has massive problems that are built into iOS and Mac OS, that are are non-fixable:
- Video player with thousands of features and a multiple decades old codebase - this is going to have enough zero days for the next 100 years
For you, maybe, but they seem to be popular.- iMessages, wantonly compromised by features nobody is using, since they're all walled garden features relying on network effects, therefore all doomed to fail. There was no reason to do this. Just show the text. Add images. Done.
Ok, opinion noted.- FaceTime - likely has endless vulnerabilities as well, like QuickTime
And yet, Android and Microsoft patch hordes of vulnerabilities also.And many others - there's so much stuff they're building that's a security disaster from the get go.
I have followed the "security related updates" for the past few iPhone updates, and it's pretty shocking, yet not surprising, as each one of these point updates fixes 10, 20, or even 30 zero day exploits.
millions left to go.
Apple won't remove these features. They will patch up vulnerabilities just like they've been doing.As explained above iMessage is the only one of these that's an intentionally designed security disaster.
The others have images, video, basic stuff and are likely only vulnerable to OS level video player exploits.
iMessage has a huge amount of features and even an app API - like every single security researcher in the world surely was doing, I was also facepalming myself when I first heard about the feature set - it's a few years ago now that this came out, iOS 11 maybe? Not sure. iMessage needs to remove all these dumb features again.
Ok, more opinion.I don't like blaming people but in this case, it's all on apple
- They DO actually have infinite resources with 200Bn USD in the bank
The old emojis over fix software meme?- They continually prioritize features some marketing monkeys thought up - iMessage, targeted here, is the best example.
Nice whataboutism.Apple has really good engineers working there, I am 100% sure some of them spoke up and sad "guys, this is a bad idea there's no way to make an app API, tons of animation features, customizable emojis, customizable animations, free floating sticky notes, all secure in one big release. We need to hold off on this. but they were outvoted by the marketing monkeys ("this will sell more iphones")
That explains why Microsoft just patched 117 flaws across its' products.- Their software process is antiquated and wasn't good when it was first invented sometime in the 80ies. That's why Avi left.
The point was we ("we" as in posters that don't have Apple inside information) don't know if this was patch, will be patched and what software it will be or was patched for.14.7 contains the new technology that allows its features to travel back through time and correct existing data leaks?
They'll patch the underpinnings (I don't know if you consider that an overhaul), but they most probably won't be giving an imessage an "overhaul" in the sense of the word in the sentence.iMessage is an abomination anyways, hopefully this kind of exposure will get them to overhaul it.
Apple have more resources than any other company in the world. And more than most governments. The fact this software is available was well known.Apple don't have infinite resources, and in infosec, there's always someone smarter out there who'll be willing to try and break into your system - it is impossible for a system to be perfect.
You can bet that Apple will be doing everything they can to resolve it soon - that's the responsibility.
Right next to pregnant dad. 😂“theres an emoji for that” quelling our concerns
Governments are by nature authoritarianism. The last thing they want is for the plebes to have free will. I wouldn‘t be surprised one bit if you could trace this all the way through, multiple three letter organizations use this technology.Make no mistake: there is an ideological war of democracy vs authoritarianism. Governments need to step up to keep tech like this from falling into the wrong hands, and it’s completely unacceptable that companies are allowed to outright sell it to oppressive regimes.
Because that’s the case. iOS market share is very low in many places so an iOS-only communication platform is useless. In Europe everybody uses WhatsApp and Messenger, with a shift (hopefully) towards Signal or Telegram.a good question; what makes you think that "not many people outside the United States use iMessage"
That's not how zero day works...we need a little amber light to know we’ve been hacked.
I don’t think I recognise more than 2 of the acronyms you usedread the actual article. these kind of attacks use DGA domain names (the domain is generated, registered, and SSL cert is automatically generated), which can be easily identified on DNS server side, and name resolution for that URL can be blocked. the oDoH mechanism in Apple Private relay can protect your back in this regard.
also EFF can do - actually they do - a lot about it by also refusing to issue certificates for DGA FQDNs.
So any time anything is hacked, blame the vendor? Ridiculous.Biggest culprit here is apple for sure. They have responsibilities here and should have been on top of it.
the company that produces this software must be freaking geniuses
For sure, completely wishful thinking from my end.They'll patch the underpinnings (I don't know if you consider that an overhaul), but they most probably won't be giving an imessage an "overhaul" in the sense of the word in the sentence.
Apple will eventually get around to it, but they're too busy right now fighting Right-To-Repair legislation.Apple don't have infinite resources, and in infosec, there's always someone smarter out there who'll be willing to try and break into your system - it is impossible for a system to be perfect.
You can bet that Apple will be doing everything they can to resolve it soon - that's the responsibility.
You're acting as if this is some gaping hole nobody bothered to look at. And of course, you're running with it with a projection you've created of Apple that doesn't even fit the scenario.I don't like blaming people but in this case, it's all on apple
- They DO actually have infinite resources with 200Bn USD in the bank
- They continually prioritize features some marketing monkeys thought up - iMessage, targeted here, is the best example. Apple has really good engineers working there, I am 100% sure some of them spoke up and sad "guys, this is a bad idea there's no way to make an app API, tons of animation features, customizable emojis, customizable animations, free floating sticky notes, all secure in one big release. We need to hold off on this. but they were outvoted by the marketing monkeys ("this will sell more iphones")
- Their software process is antiquated and wasn't good when it was first invented sometime in the 80ies. That's why Avi left.
I followed you up to “If you want a phone that has security as a #1 feature priority, then go and find another vendor.”You obviously have no idea how the real world works. I'm sure even if Apple spent every cent of that $200b, there would still be an exploit somewhere (or one inadvertently created) that someone will find and use. It's human nature, nobody is perfect, and perfection is near enough impossible.
There are potentially up to 100m of lines of code in iOS / macOS, then hundreds (maybe thousands) of engineers. How could that be choreographed in the real world to be perfect? Spoiler: it's impossible.
If Apple didn't have all of these new features, who would buy the phone? If you want a phone that has security as a #1 feature priority, then go and find another vendor.
I'm fully confident in Apple's ability to secure their devices from the vast majority of attacks - this new exploit is obviously exceptionally well researched and funded far beyond the capabilities of "normal" attackers.
So because your house got attacked by a specialist unlocker you want to throw away ALL your locks so anyone can get in as well? Geez..But Apple says alternative app stores will be the downfall of iPhone security. Seems like iOS is already quite vulnerable.