Damage control

...I wonder if they're skirting the truth by not acknowledging there were other websites, propagators that could have been exploiting the same vulnerabilities.

Well, if they or Google *knew* of other websites that have exploited these vulnerabilities, I'm sure they would have been mentioned. It's not "skirting the truth" when the truth isn't known.
 
Amazing how everything that goes wrong with Apple's products or software is somehow always limited in scope. "In very rare cases...", blah blah blah. In this instance does Apple have actual evidence the distribution of the exploit was limited to just a few websites? Did they crawl the entire web to establish that? Did they also consider the possibility the exploit could exist in other forms/packaging that a simple search wouldn't uncover?

The fact of the matter is that this was a major exploit in terms of the potential security compromised by it, and that it could be executed passively by simply visiting a website. The fact the exploit may or may not have been actively being used on a mass scale is immaterial other than for PR damage control. Instead of worrying so much about how the exploit is being perceived maybe Apple could instead describe how it was allowed to happen and go unnoticed for years and what steps they plan to take to audit their code to help assure that such exploits won't be discovered in the future.
 
Why so serious?

LOL, no OS is completely secure.
This ^

You can be secure to a point but if an entire government is targeting you then nothing is secure. They can intercept any communication you use.

Google waited right before the new iPhone launch in a poor attempt to hurt iPhone sales. They conveniently left out the fact that Android phones were also targeted. Yeah iPhones are hackable so buy an Android phone that's easier to hack
 
But the vulnerability existed and could have been exploited on a larger scale. I'm just not sure we know yet how wide this went.

The attack was highly sophisticated. There is a strong implication (read that as absolute certainty) that this was done by a state actor who happens to be the second largest economy of the world (China) whose actions imply that they know that if it were more widespread it would have been caught and removed sooner. I think it is safe to say that it didn’t go very far.

Sucks to be an Uighur Muslim though. They thought being outside the Android ecosystem would afford them some measure of security given that their every movement is literally being tracked and logged by their state (as we know from other large data leaks). Unfortunately, China is that state.
 
That's not FUD - that's just stating facts. Google's and FB's business model, in fact, requires them to use user data to make money.

Show me the form I can fill out to buy the personal data of some celebrity.

Also, I dare you to find one statement from Apple that says Google sells user data. You can't find it cause Apple is careful to not say that so they don't get sued.
 
And still no mention by Apple on how to know whether someone was affected by this or not.

They should’ve included something in their blog post such as “we reached out to people we think may have been affected” or “if you visited this this and this site you might’ve been affected”.
 
Yeah ok we were in the process of fixing it. I think what you find happens is Project Zero look for flaws in any OS. They then give the company 90 days to fix it & then go public about it. If it's not fixed

And it was fixed in 10 days, but 180 days later they made a publication about the exploit, already knowing it was fixed. Hence, zero credibility.
 
Websites targeting Uighurs... Tim Cook should probably reconsider manufacturing in China.

There are many reasons for which Apple should reconsider manufacturing its products in China; however, in light of Cook’s lifestyle, I am not sure how sympathetic he would be to Moslems.


And there is the key statement. In short, Project Zero just made themselves look useless.

Not really. Apple could have been notified in advance by Google or this could just be another Apple PR line to deflect criticism.
 
Why so serious?

LOL, no OS is completely secure.

Apple relies on brand image for their premium prices. Of course an iPhone is just as easily hacked as any Android handset - large foreign governments can get into anything they want to any time they please. Snowden told us this years and years ago. But people still believe corporations and the false narrative of “privacy” and “security.” It does not exist.
Lots of misinformation in the Apple release too, if not outright lies.

By definition they could not have been working to fix the exploits, “zero” day exploits means they’ve known about it for zero days. I don’t know what they’re selling but Google seems to have really gotten under their skin.
 
"what happens on your iPhone stays on your iPhone"*




*Unless you are a member of the Uighur community or person/group targeted by a nation state
 
I highly recommend Rene's video series -- especially this episode.
Wow, I sincerely appreciate this video with the well researched and linked information explaining what had really happened. What was implied in the original reporting seemed spectacularly concerning and, well, somewhat improbable. When I first saw the rumour here I went to read the report and I was immediately suspicious because it seemed to be full of easily quotable sound bites that were very damaging to iOS but I couldn't see the factual explanation that justified the claims. It did seem intentionally sensationalistic and, well, it turns out that is exactly what it was. Thankfully we are now seeing deeper dives into the actual facts but I am certain we will not see the truth spread as widely. Lesson to all that we need to be vigilant when reading anything these days.

My take-aways:
- Coding is hard, mistakes happen, the trick is to fix them quickly.
- There were multiple exploitation chains probably because they were constantly being fixed and so another exploit had to be found (not the implied 14 exploitation chains all active simultaneously over a two year period).
- iOS was not the only target, Android and Windows were also targeted.
- that only "some" devices visiting the affected sites were infected might imply that the fixes of the exploits were happening fast enough that only devices with older OS versions were infected (speculation on my part)
- though Rene does not choose to condemn this report as intentionally damaging to iOS in order to benefit Google I don't choose to be that generous. Shame on them for exploiting and misreporting this issue.
 
I trust Apple a lot more than I would Google. Google's business is to exploit people. I don't really see why Google would take this approach though, to smear Apple? Increase sales? Apple won the smartphone battle a long time ago (Google won the OS battle).
 
Yeah ok we were in the process of fixing it. I think what you find happens is Project Zero look for flaws in any OS. They then give the company 90 days to fix it & then go public about it. If it's not fixed
Why be so quick to think they are lying?
They fixed the flaws 10 days after Google reported it which does suggest maybe they were already working on it.
 
Apple is just spinning their standard "a small number of customers were affected" narrative

If they genuinely disagreed with Google's claims they'd lawyer up
Logical fallacy. If Apple doesn't file a lawsuit (which they won't) it has nothing to do with Google lying.


This ^

You can be secure to a point but if an entire government is targeting you then nothing is secure. They can intercept any communication you use.

Google waited right before the new iPhone launch in a poor attempt to hurt iPhone sales. They conveniently left out the fact that Android phones were also targeted. Yeah iPhones are hackable so buy an Android phone that's easier to hack
Of course they did. But it's not just the iPhone launch. It's the fact major issues were discovered in Android and made public just the past week:

App with 100 million downloads discovered in Google Play Store....

https://arstechnica.com/information...0-million-downloads-executed-secret-payloads/

And another one right after....

https://arstechnica.com/information...wnloads-drained-batteries-and-slowed-devices/



And the sweet revenge by ZDI on Google, publishing an Android zero-day because Google hadn't fixed it within their deadline.

Zero-day Android exploit discovered by ZDI and published.

https://arstechnica.com/information...-hackers-a-way-to-elevate-attacks/?comments=1
 
Apple is just spinning their standard "a small number of customers were affected" narrative

If they genuinely disagreed with Google's claims they'd lawyer up
Seems like much aggrandizing on Google's part rather than spinning on Apple's part.

As far as the lawyering up what is Apple going to sue for? Google's description of very narrow vs very broad?
 
And it was fixed in 10 days, but 180 days later they made a publication about the exploit, already knowing it was fixed. Hence, zero credibility.
Bingo. Until someone can show a specific reason why Google chose to only make this public now, it's nothing but PR on Google's part.


But hey, what can you expect from Google? This is the company, after all, that found an exploit in Safari and instead of notifying Apple about it they took advantage of it and wrote code that would allow them to continue tracking users.

Let that sink in for a second:

Google essentially wrote malware to exploit a Safari flaw to allow them to continue tracking. It's amazing to me that the FTC only fined Google $22.5 million for this.
 
Amazing how everything that goes wrong with Apple's products or software is somehow always limited in scope. "In very rare cases...", blah blah blah. In this instance does Apple have actual evidence the distribution of the exploit was limited to just a few websites? Did they crawl the entire web to establish that? Did they also consider the possibility the exploit could exist in other forms/packaging that a simple search wouldn't uncover?

The fact of the matter is that this was a major exploit in terms of the potential security compromised by it, and that it could be executed passively by simply visiting a website. The fact the exploit may or may not have been actively being used on a mass scale is immaterial other than for PR damage control. Instead of worrying so much about how the exploit is being perceived maybe Apple could instead describe how it was allowed to happen and go unnoticed for years and what steps they plan to take to audit their code to help assure that such exploits won't be discovered in the future.


I do not completely disagree with you but it can be (a lot) worse, the post under yours says enough, here it is...

⬇︎

He doesn't have to look for anything. Android and Windows were also affected. Google forgot to write about it.
 
If this is true... Apple should definitely sue Google. This is potentially hurting one of Apple's key winning points!!
 
Show me the form I can fill out to buy the personal data of some celebrity.

Also, I dare you to find one statement from Apple that says Google sells user data. You can't find it cause Apple is careful to not say that so they don't get sued.

What are you rambling on about? You really think companies like FB that sell user data are doing it on a person by person basis, with identifiable data? That's not the way it works. And I suspect you know this.
And are you really upset that Apple did NOT call out someone in a negative way? If someone asked me to find a post to highlight someone searching for something to complain about, this would be it.
 