I powned . Apple cake and eating it.

dbit

Perfect example of the threat industry and its corporate growth and enterprise ability . NSA gets a copy ,........ Highest bidder vulns .

http://gizmodo.com/newly-discovered-exploit-makes-every-iphone-remotely-ha-1740096591

anvilfour

dbit wrote: »

Perfect example of the threat industry and its corporate growth and enterprise ability . NSA gets a copy ,........ Highest bidder vulns .

http://gizmodo.com/newly-discovered-exploit-makes-every-iphone-remotely-ha-1740096591

The usual disclaimer : I work for Apple but am not speaking on their behalf!

I believe from reading the article that a patch is being issued in the next few weeks for this - naturally this will only apply to device capable of updating to iOS 9 however!

dbit

anvilfour wrote: »

The usual disclaimer : I work for Apple but am not speaking on their behalf!

I believe from reading the article that a patch is being issued in the next few weeks for this - naturally this will only apply to device capable of updating to iOS 9 however!

Well i am not in the know . From the article i took that they are not revealing the vuln to apple as it was more the private / corporate functions of malware and attack vectors coming from what seems to be more of a very lucrative business model . Its just being slapped in everyones face , its not the attack on apple directly that i see as the eyebrow raising element here, its the organisation of Red team and how they are building a strong economy whos fruits will go to the highest bidder.

anvilfour

dbit wrote: »

Well i am not in the know . From the article i took that they are not revealing the vuln to apple as it was more the private / corporate functions of malware and attack vectors coming from what seems to be more of a very lucrative business model . Its just being slapped in everyones face , its not the attack on apple directly that i see as the eyebrow raising element here, its the organisation of Red team and how they are building a strong economy whos fruits will go to the highest bidder.

You wonder if they can tell the NSA anything they don't already know. I only hope they share the exploit with Apple to make it easier to come up with a patch!

I have spent a lot of time agonising over this, even installed CynaogenMod on a Samsung phone in one case to try to avoid malware and backdoors but it seems that there's no way to fully lock down a mobile device - too many vulnerabilities, too much proprietary firmware etc. etc. - at least with a computer you can use a Live CD to make sure all traces of your activities will vanish into the ether soon after you switch off your machine!

Khannie

anvilfour wrote: »

I believe from reading the article that a patch is being issued in the next few weeks for this - naturally this will only apply to device capable of updating to iOS 9 however!

Surely to patch the vulnerability you have to know what it is?

It's a very interesting change in disclosure. 1 million monies is serious business, but also that level of attack is serious business. For the NSA it's easily worth several times that.

Khannie

Interestingly they're after bugs in Tor Browser Bundle. That can only be for selling to nation states.

anvilfour

Khannie wrote: »

Surely to patch the vulnerability you have to know what it is?

It's a very interesting change in disclosure. 1 million monies is serious business, but also that level of attack is serious business. For the NSA it's easily worth several times that.

I have been told by the Gods of Corporate not to comment to customers on this, that usually means we have a fix in the works and are waiting to announce it. Naturally everyone is free to speculate in the meantime, I still think an iPhone is way more secure than a rooted Android phone with all those Google Apps but everyone is entitled to their opinion!

dbit

My phone aint got Root !. I do agree with the amount of bloatware and anything that comes from google play cannot be trusted , same goes for all other free apps.

I wouldn't imagine for one second apple are advising anyone to say anything about this .........

Atta Boy Khannie, I think you get the jist of what makes my nipples chafe on this one .

timmywex

Google paid out $1337 for Stagefright I believe.

Think about the staggering number of RCE vulns that probably exist in Android if something of that severity is getting such a small payout!

Khannie

Google are scabby Knackers. Yeah, I said it google. I'm sitting on something embarrassing for them which I responsibly disclosed initially and which they dismissed. Then I found something even worse which their first dismissal implies they don't care about.

Soon my pretties. Soon.

anvilfour

dbit wrote: »

My phone aint got Root !. I do agree with the amount of bloatware and anything that comes from google play cannot be trusted , same goes for all other free apps.

I wouldn't imagine for one second apple are advising anyone to say anything about this .........

Atta Boy Khannie, I think you get the jist of what makes my nipples chafe on this one .

I think you're right dbit, sadly these things take place above my pay grade but usually when we're told not to comment, it means that a solution is in the works - this is actually one of the reasons I've always been supportive of jailbreaking as it helps reveal flaws and vulnerabilities in iOS which makes for a more secure user experience.

People are free to make up their own minds. Speaking for myself I trust my non jailbroken iPod more than the rooted Android phone on which I installed CynaogenMod due to the Find my iPhone lockout and device encryption, plus the number of Apps you can use to further encrypt your data on the device but to each their own, would love to speak to people who have played around with CynaogenMod or Replicant, see what they have come up with!

dbit

anvilfour wrote: »

I think you're right dbit, sadly these things take place above my pay grade but usually when we're told not to comment, it means that a solution is in the works - this is actually one of the reasons I've always been supportive of jailbreaking as it helps reveal flaws and vulnerabilities in iOS which makes for a more secure user experience.

People are free to make up their own minds. Speaking for myself I trust my non jailbroken iPod more than the rooted Android phone on which I installed CynaogenMod due to the Find my iPhone lockout and device encryption, plus the number of Apps you can use to further encrypt your data on the device but to each their own, would love to speak to people who have played around with CynaogenMod or Replicant, see what they have come up with!

This will only lead to inception , no worries im not apple bashing , I just hate apple products and the DRM hell they bring upon users , the slowness to play other media types the conversions - the itunes required to fart side ways jesus wept.


Love you xx.

anvilfour

dbit wrote: »

This will only lead to inception , no worries im not apple bashing , I just hate apple products and the DRM hell they bring upon users , the slowness to play other media types the conersions - the itunes required to fart side ways jesus wept.


Love you xx.

I honestly do think too much is made out of it. I have VLC installed on my Mac and it'll play any file you want. Perhaps it could support more formats out of the box but I've had the same issues with Windows Media player in the past!

Also with the help of Plex, my gf and I can play any films we like on our Apple TV. When it comes to music iTunes can export any song to MP3 format.

You don't want to use the proprietary Thunderbolt connector? No problem, just use the USB port.

Want to put MP3s on your iPod? Just copy them into iTunes and you can sync them across.

It's not that I think Apple get everything right, it's just that the claims of a lack of interoperability are rather overstated - still, perhaps we should start a new thread for this!