from Google’s blog, it sounded like a widespread exploit against iOS over years

No it didn't. From the very second paragraph: "Earlier this year Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites."

which also targeted Windows and Android.

That's misleading... the websites also had *old* exploit code which targeted Windows and Android. As in ineffective exploit code that had been patched for years. That has nothing to do with the unpatched exploit chain that the entire blog post was about.
Source? The FTC who investigated and fined Google $22.5 million for it.

I'm sorry.. but Google *ignoring* Safari's "do not track" header isn't even in the same ballpark as "discovered a flaw and exploited it".
 
So, someone else used Apple blogger to support Apple, I pointed out that the argument is bogus because the source has no security background and now you insist I have to prove that the blogger has no security background. It does not work this way. The blogger by default has no security background (not part of their job description). If someone claims otherwise they'd better prove it. For the time being, it looks like you agree that the use of Ritchie as a source on this matter was questionable.

Google used poor Safari design for legitimate business purposes. You would have a point if you could prove that Google misused user information (for example, if they sold user data) but you can't.

Yes it does work this way. If you make a claim you have to prove your claim. Burden of Proof. That's a logical fallacy. I believe that's actually in the forum rules. All you did was provide an Ad Hominem attack (another logical fallacy) on the person instead of refuting what they said. And by saying you believe Google experts you added a third logical fallacy - Argument from Authority - just because someone is an expert in a field then anything they say must be true. What's that about 3 strikes?
I'm sorry.. but Google *ignoring* Safari's "do not track" header isn't even in the same ballpark as "discovered a flaw and exploited it".
Except that's not what happened. They had to write specific code to take advantage of it. Then they had the gall to say it was an accident. As if code just writes itself.
 
Apple is absolutely terrified of anything that might make those phone sales sink any further aren't they?

Statement is a bit over the top. Shame it didn't bother to acknowledge the disgraceful persecution of a religious minority by the Chinese either.
 
How rich of Google to point out vulnerabilities of other phones I mean shouldn’t they be fixing their own security first?
Is that what you'd prefer? You would prefer that iOS vulnerability lingered for decades instead of just years?
Yes it does work this way. If you make a claim you have to prove your claim. Burden of Proof. That's a logical fallacy. I believe that's actually in the forum rules. All you did was provide an Ad Hominem attack (another logical fallacy) on the person instead of refuting what they said. And by saying you believe Google experts you added a third logical fallacy - Argument from Authority - just because someone is an expert in a field then anything they say must be true. What's that about 3 strikes?

I claimed that Apple blogger may qualify to report on the security issues but he does not qualify to argue about them. You claiming otherwise is a logical fallacy. You are claiming that everybody qualifies to chime in on the complex issues of computer security. By your logic I could quote anyone in this thread (whatever opinion fits my narrative) and you'd have to accept it as a proof. Otherwise you could be accused of ad hominem attack. And you have as many strikes as you have posts in this thread (which is clearly the highest amount of strikes here).
 
Hope Apple does this to google. Finds vulnerabilities and work their propaganda to hurt Google

Competence is needed for this to work. When you have a mindless bore like Tim Cook in charge and setting the standard very low they'll need to hire people from Project Zero, Tencent, etc.
 
I claimed that Apple blogger may qualify to report on the security issues but he does not qualify to argue about them. You claiming otherwise is a logical fallacy. You are claiming that everybody qualifies to chime in on the complex issues of computer security. By your logic I could quote anyone in this thread (whatever opinion fits my narrative) and you'd have to accept it as a proof. Otherwise you could be accused of ad hominem attack. And you have as many strikes as you have posts in this thread (which is clearly the highest amount of strikes here).

Stop lying about what you think I said. Is that all you’re capable of doing?
 
No it didn't. From the very second paragraph: "Earlier this year Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites."



That's misleading... the websites also had *old* exploit code which targeted Windows and Android. As in ineffective exploit code that had been patched for years. That has nothing to do with the unpatched exploit chain that the entire blog post was about.

I'm sorry.. but Google *ignoring* Safari's "do not track" header isn't even in the same ballpark as "discovered a flaw and exploited it".

The Chinese were apparently also targeting Windows and Android.

https://www.forbes.com/sites/thomas...d-microsoft-windows-say-sources/#43a8cd614adf
 
Apple has spent a lot on marketing to create a fake security facade so it's understandable that Apple is quick to downplay anything and anyone that threatens this facade. For example, Apple wants you to believe that the data on your Apple device is irrecoverable that's why they go out of their way to silence people like iPad Rehab's Jessa Jones that successfully do data recovery for a living. Other companies like Google invest less on marketing and more on actual security research like Project Zero, Virus Total, bounties, etc.

This Apple response shows their willingness to spread FUD to downplay an incident. Talk to anyone in the infosec community and they'll tell you it's an exploit that affected everyone but it was used in a targeted 'watering hole' attack to lessen the chance of detection.

Apple
First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community.
 
If that were the case Microsoft and intel would be out of business. But it’s not the case based on other industry examples.

Not sure what you're on about honestly.

Full of condemnation for a competitor but hardly a word for those that seek to persecute minorities. Apple 2019, Good for a sanctimonious lecture about privacy and human rights but not to speak up for those that don't have any.

Shame.
 
Whataboutism. Let’s get back on topic.

This is about a Chinese hack against Uyghurs that Google published a blog about, which Apple is giving us more info on. from Google’s blog, it sounded like a widespread exploit against iOS over years, but it was in fact a targeted attack against Uyghurs in China within a much smaller window of time, which also targeted Windows and Android. Do you have anything relevant to say about the topic? I welcome your thoughts.

Just because Apple said so does not mean the Chinese government has done that. There is no evidence pointing to the Chinese government. If you have evidence, you are welcome to point it out.

Second, even if Chinese government did, there is nothing wrong about it. I am sure United States government has done the same thing too. It is very hard to govern area with such ethical diverse area. Govern with iron fist is must. If Uyghur feels being suppressed, they are welcome to leave China.
 
So why isn't apple suing google for libel? Did apple run out of lawyers? Let me help you, the statements by google are not lies.

They aren’t exactly facts either. Google’s original post had an implication that the attackers did exploit millions of users; this is incorrect going by Apple’s response.

I don’t think Apple’s response was defensive per se, but more so to let general users know that they haven’t been exploited.

I just hope that the users who were affected have been notified about potential data exposure.

Google hasn’t been exactly honest here with their use of hyperbole.
 
Not sure what you're on about honestly.

Full of condemnation for a competitor but hardly a word for those that seek to persecute minorities. Apple 2019, Good for a sanctimonious lecture about privacy and human rights but not to speak up for those that don't have any.

Shame.
Start a thread in PRSI. This thread is about the Apple response to the google blog, and my post stands based on the thread subject matter.
 
They aren’t exactly facts either. Google’s original post had an implication that the attackers did exploit millions of users; this is incorrect going by Apple’s response.

I don’t think Apple’s response was defensive per se, but more so to let general users know that they haven’t been exploited.

I just hope that the users who were affected have been notified about potential data exposure.

Google hasn’t been exactly honest here with their use of hyperbole.
How do you presume anybody can know how many users were affected? A few sites were identified. This does not mean there were no other sites doing it. All Google post implied was that iDevices were wide open to this malware due to the nature of the vulnerability. The devices could have been violated by simply visiting a website.
 
How rich of Google to point out vulnerabilities of other phones I mean shouldn’t they be fixing their own security first?

Couldn’t agree more. Google needs to fix their own existing & yet unknown future vulnerabilities (they will come down the pike sooner or later) before they earn the right to lay unpleasant things on Apple’s dinner plate.

Helpful tip to Google: Use your electric car to do some time travel.
 
Supply and demand. There is such a huge supply of iOS exploits that the black market price for them has gone down.

https://www.wired.com/story/android-zero-day-more-than-ios-zerodium/

Interesting, shame that Samsung then will only offer updates for two years.
That's not FUD - that's just stating facts. Google's and FB's business model, in fact, requires them to use user data to make money.

You don’t necessarily understand Google's business model then, plus you can always opt out of them collecting your data, Google devices themselves always ask you to opt in first.

I’d also claim it’s a fool's folly to believe anything Apple claims! I mean they are a company that deliberately slowed down millions of iPhones for over a year and instead of telling you, they told people to buy new iPhones, until they were caught red handed.
It’s also a company that proclaimed what was on your iPhone stays on your iPhone, spouting how they were the most privacy conscious company ever in big billboard ads, and again they were caught red handed employing third party contractors to listen to Siri recordings and didn’t really tell anyone about it.

Now think of all that medical data Apple collects about you, I’m not so sure they can be trusted with it. But I’ll continue to use them as they offer the best interfaces and ease of use, bar exporting multiple ECG readings to send to your doctor as that’s a right pain in the rear.
 
Hope Apple does this to google. Finds vulnerabilities and work their propaganda to hurt Google

If Apple wanted to find bugs in other companies' software, they would first have to employ people who understand security.

Apple has been far too long far too restrictive about bug bounty programs. Therefore people who find bugs and are not employed by a company like Google sell their findings for the highest price possible, for example to the Chinese government (via Zerodium).
 
The attack was highly sophisticated. There is a strong implication (read that as absolute certainty) that this was done by a state actor who happens to be the second largest economy of the world (China) whose actions imply that they know that if it were more widespread it would have been caught and removed sooner. I think it is safe to say that it didn’t go very far.

Sucks to be an Uighur Muslim though. They thought being outside the Android ecosystem would afford them some measure of security given that their every movement is literally being tracked and logged by their state (as we know from other large data leaks). Unfortunately, China is that state.

https://www.latimes.com/business/technology/la-fi-apple-china-20160226-story.html

https://www.wired.co.uk/article/apple-icloud-china-iphone-data-privacy

There's really no need for that kind of exploit in China because Apple will willingly cooperate with the government.. :)

I trust Apple a lot more than I would Google. Google's business is to exploit people. I don't really see why Google would take this approach though, to smear Apple? Increase sales? Apple won the smartphone battle a long time ago (Google won the OS battle).
 