Seems strange that Apple can't be arsed to check their own OS for vulnerabilities and it leaves it up to their major rival to find it and inform them.
Just shows how much they believe their own hype.
https://www.bbc.co.uk/news/technology-49520355
no software is perfect.
it's been fixed.
there will be more exploits found.
they will be fixed too.
android is no different.
Strange google can't be arsed to check their own OS for vulnerabilities and leaves it up to the general public to find them
https://www.google.com/about/appsecurity/android-rewards/
Strange google can’t be arsed to check their own OS for vulnerabilities and leaves it up to the general public to find them
Project Zero.
Strange google can’t be arsed to check their own OS for vulnerabilities
Except they do ^ (Project Zero)
Does Apple have an equivalent of Project Zero?
Beat me to it, I was just about to post about this.
Strange google can’t be arsed to check their own OS for vulnerabilities and leaves it up to the general public to find them
Standard practice, Bug Bounties are commonplace in the security world.
Does Apple have an equivalent of Project Zero?
I've no idea, but being a more private company than Google I doubt you'll ever find out.
Standard practice, Bug Bounties are commonplace in the security world.
Should have put my irony marker on that post, but to suggest that Apple don't check their security because they believe their own hype is frankly ridiculous.
it's been fixed.
In February apparently.
Why is it being reported now?
Not sure but probably because Project Zero always release details of a vulnerability they discover after a set time period (regardless of any action).
They patched it in six days, that's pretty good.
Apple have had some howlers though, such as shipping OSX High Sierra with the root account unlocked with no password.
Apple certainly have an in-house team looking at vulnerabilities in Apple devices & software, no clue if they also fund a team looking at other vendors' products (having that is no indicator of how seriously a company takes security). Apple do offer a bug bounty program to incentivise 3rd parties to look for vulnerabilities in their products, that's more of an indicator.
If you're going to criticise Apple here then criticise every other software/hardware vendor that's ever had a security issue in one of their products.
Mr Beer’s list of examples also included Google products such as Gmail and Hangouts, the firm's group video chat app.
Blimey you'd think Google would check their software for vulnerabilities.
Exactly what some Apple users will be thinking 😜
They surely can afford a security dept. to exploit bugs to then fix ...!
Makes you wonder who buys new Apple products still as £1500 for a mobile handset is just - well BONKERS
Google were upfront that the exploit allowed their own products to be exploited on an affected iPhone.
Can't see they are to blame if the phone itself is the vulnerability?
Anyway...
What makes this particularly interesting is that this wasn't a theoretical threat. It had been out there in the wild for 2 years.
I wonder how much money has been paid out by individuals or organisations to keep what was revealed secret?
Could have been a really good money earner.😉
Can’t see they are to blame if the phone itself is the vulnerability?
Technically it was Safari rather than the phone. I know they're two cheeks of the same arse, but...
What makes this particularly interesting is that this wasn’t a theoretical threat. It had been out there in the wild for 2 years.
Indeed.
Makes you wonder who buys new Apple products still as £1500 for a mobile handset is just – well BONKERS
Silly question. I don’t really get it either, but it’s the same people who buy Audis, Mercedes, BMWs, etc
Shouldn't really be news, all major SW systems have zero day vulnerabilities which someone, somewhere is exploiting (often nation states who spend millions hacking the systems so they can spy on people of interest). China has 1000s of SW engineers working on this stuff full time, so they can steal US / European military / technology IPR; it's a core strategy of the Communist Party.
Makes you wonder who buys new ~~Apple~~ Samsung products still as ~~£1500~~ £2000 for a mobile handset is just – well BONKERS
FTFY.
Apple offer a $1million bounty for exploits discovered by people outside of Apple; I’d think that would incentivise hackers to go digging around for flaws in the code.
I wonder if those having a dig at Apple for OS flaws have ever done real-world debugging on millions of lines of code...
Mr Beer’s list of examples also included Google products such as Gmail and Hangouts, the firm’s group video chat app.
Blimey you’d think Google would check their software for vulnerabilities.
It's OK, no one ever used Hangouts anyway.
It’s just been announced that this vulnerability was discovered and exploited by the Chinese state and aimed directly at Chinese Uighur Muslims, so it was highly specialised and with little to no consequences outside of China itself.
https://techcrunch.com/2019/08/31/china-google-iphone-uyghur/?guccounter=1
Further info about these attacks by the Chinese government on Uyghur Muslims; it involved Android and Windows desktop as well:
https://siliconangle.com/2019/09/01/report-china-behind-iphone-hacking-targeted-android-windows-well/
Wouldn't surprise me if a few nation states (inc. Western ones) are/were using it - anything that allows location tracking tends to be more useful for them than for organised crime groups.
CountZero
Makes you wonder who buys new ~~Apple~~ Samsung products still as ~~£1500~~ £2000 for a mobile handset is just – well BONKERS
FTFY.
What handset is that then?
What handset is that then?
I believe the new "Fold" is slated to be somewhere around the $2000 - which will probably convert directly to £.
Samsung's flagships are in the £1000 - £1200 range.
My S9 was £689 just over a year ago. At the time that was expensive!
If you’re going to criticise Apple here then criticise every other software/hardware vendor that’s ever had a security issue in one of their products.
I think the criticism is because of the legions of fans who bang on about Apple being soo much more secure and not like that silly Android/Windows stuff and you don't even need security precautions and blablabla
But really it's just BAU - software has defects.
I think the criticism is because of the legions of fans who bang on about Apple being soo much more secure
It probably is much more secure than Android, but that doesn't make it perfect. Android was just designed to sell Advertising, security was very much a secondary consideration; although Google seem to be making attempts to catch up now.
However, throw the largest nation state's hacking empire at an OS, with almost unlimited resources and you'll find a way in...
jimdubleyou
I believe the new “Fold” is slated to be somewhere around the $2000 – which will probably convert directly to £.
Samsung's flagships are in the £1000 – £1200 range.
Well the Fold isn't out yet, and also it isn't really a phone but a phone and a tablet in one device in a form factor which is cutting edge so you would expect to pay top dollar for it.
The S10/S10+ are the current flagship at £799/£899 respectively (and actually available sim free for £629). The Note 10+ will be out shortly at £999.
Did anyone try and read the detail of these vulnerabilities? I can't even begin to imagine how people find these holes never mind understand them if someone else finds them 🙁
https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-1.html
It's not like stumbling across a key hidden under a suspicious rock next to your front door or using pi to unlock the 'code' on the tech filing cabinets. This sort of stuff seems to imply they had access to source code to find the holes
The Note 10+ will be out shortly at £999.
Or £1200 if you buy the most expensive one ( I looked on Samsung's site).
There was a 5G version of the S10 retailing for £1399, now down to "just" £1099...
Well the Fold isn’t out yet, and also it isn’t really a phone but a phone and a tablet in one device in a form factor which is cutting edge so you would expect to pay top dollar for it.
Yeah, I was just trying to work out what the £2000 handset is.
This sort of stuff seems to imply they had access to source code to find the holes
They say there are two types of company. Those who know they’ve been hacked by the Chinese and those who don’t know...
Yep. We have some people in DPRK right now and they were asking how they could secure their computers 😀
The answer is of course don't ever type anything that you wouldn't be happy having read back to you by someone official. Even if they don't hack you they can just make you open your computer
Some interesting stats on numbers of bugs found and severities...
https://www.bleepingcomputer.com/news/security/five-more-hackers-become-millionaires-on-hackerone/
And a major bug in Chrome has been found..
The answer is of course don’t ever type anything that you wouldn’t be happy having read back to you by someone official. Even if they don’t hack you they can just make you open your computer
You don’t even have to type anything yourself, if the experience of one student entering the USA is anything to go by - after reading something posted by a third party on his Fb/Twitter feed, he was questioned for fifteen hours, then thrown out of the country, all because of something some random individual that he didn’t know wrote online.