Doesn't the word "many" usually mean "about 60%"? :)

I want to hear "all leaks have been patched!" from Apple.

If there's 30 exploits and 10 are patched, they can say "many".
If there's 50 exploits and 30 are patched they can say "mostly".

Could be only a PR stunt. Good thing is that Apple might patch all leaked exploits soon.
 
If there's 30 exploits and 10 are patched, they can say "many".
If there's 50 exploits and 30 are patched they can say "mostly".

Could be only a PR stunt. Good thing is that Apple might patch all leaked exploits soon.

Were it not for the leaks, who knows if Apple would fix leaks.

I am wondering though - does this mean iOS 9 is unsafe with regard to CIA exploits?
 
So we are to just trust Apple's word on this?

Trust, but verify. As always.
If there's 30 exploits and 10 are patched, they can say "many".
If there's 50 exploits and 30 are patched they can say "mostly".

Could be only a PR stunt. Good thing is that Apple might patch all leaked exploits soon.

Stunt? Emergency crisis is a normal cause for PR statements to customers. Their value in assuaging support questions and traffic is a primary objective. Unless your stunt threshold is very mundane, I'd call this routine PR function.

I think with this, everybody is going to have to go down the laundry line and patch. The PR mess will be brutal for those who don't or blow it. Naughty smart TVs seem to be getting the most traction in the stupid human news on all channels.

Has Apple been fixing security bugs so far? Don't see why that would change, only see this escalating for any they didn't know of. Is the expectation total perfection or ability to adapt?
 
The headline could also read "Apple Says Many of the Vulnerabilities Detailed in 'Vault 7' Leaks haven't been Patched" and it would still be true. People are missing the point here, it's not that the CIA or Russian hackers or the kid in his basement down the street has and is using these tools, it's that these vulnerabilities exist. The CIA aren't magicians, if they can work it out so can the bad guys. The days of Apple users lording their security credentials over Android users are over. Anything Tim Cook says is just security theatre.
 
At least Apple is way ahead of Android users who don't or can't update their devices for years or months. Haha.
 
Is this really the thread to bring that silly iOS vs Android crap? Instead of my OS is better than your OS, how about hoping that this serves as a wake up call to the tech industry that security should be paramount in the products being put out in the public. It should be a wake up call to the big players, but more importantly to the smaller IoT players as well. That's a vector that's ripe for exploit. Oh, and I wouldn't be so overjoyed by Apple's statement that many of the vulnerabilities have been patched. It means many others haven't been. Also keep in mind, those were just the leaked vulnerabilities. Dollars to doughnuts the CIA has other nasty stuff that wasn't leaked. It's the CIA after all. I could be wrong, but I'm pretty sure the leak didn't all of a sudden make them stop working on more nefarious means which they will go to extremes to keep from leaking. It's an ongoing battle and iOS looks to be a favorite target of the CIA's armaments.

This post isn't really directed at you personally Rigby. Just my rant against turning this topic into something that takes the focus off what we need to be focused on.

It's not crap or silly, and I didn't interpret his single sentence as any kind of Apple rah-rah at all. Rather, and acknowledging it's not a perfect situation, it makes sense that frequent mobile OS updates which include security patches will likely produce better positive results with respect to exploits than mobile OS updates that are infrequently updated, if ever. It's one (of the many) reasons I'm in the iOS camp.

As a related aside, it's telling that the NYC district attorney only complained before the US Congress last year about having hundreds (now likely thousands) of seized iPhones (and not Android phones) that he could not access in the support of criminal investigations. While that's hardly a perfect endorsement with respect to exploitability, it does say quite a lot in a relative sense between the two mobile OSes.

There will never be perfection with respect to any consumer-based extraordinarily complicated software/hardware system, especially where there are groups with (relatively) unlimited/asymmetrical budgets whose sole focus is on finding and developing exploits destined for use.

As I said in another post, I would be shocked and very disappointed if the CIA does not have an array of tools available for exploiting mobile phones supporting espionage activities. That's part of their job, as it is with MI6/GCHQ, DGSE, FSB, Mossad, etc.
 
The CIA probably has the best hackers in the world. Even if they patch all of these, there will always be more. There will never be internet privacy IMO.
 
Trust, but verify. As always.

Stunt? Emergency crisis is a normal cause for PR statements to customers. Their value in assuaging support questions and traffic is a primary objective. Unless your stunt threshold is very mundane, I'd call this routine PR function.

I think with this, everybody is going to have to go down the laundry line and patch. The PR mess will be brutal for those who don't or blow it. Naughty smart TVs seem to be getting the most traction in the stupid human news on all channels.

Has Apple been fixing security bugs so far? Don't see why that would change, only see this escalating for any they didn't know of. Is the expectation total perfection or ability to adapt?


I just said that Apple is not being detailed in their response. Can mean they patched a minority or majority of exploits.
 
The weak point in any security system is always the human factor. It used to be that an agent had to walk out of their office with a briefcase full of files. Now the intelligence agencies have gone digital the risk is vast swathes of top secret information being smuggled out on a USB key and disseminated to the whole world in the blink of an eye. It's never going to stop and they're never going to be able to get a handle on it, because people. Manning, Snowden and now this leak show it very clearly.
 
I don't believe tech is ever truly going to be secure, hackers whether they be 'good guys' or 'bad guys' are a determined bunch, fingerprints, retina scans or voice analysis some bright spark will either find a way around it or a way to steal what they need; you're only as secure as your last update.
 
Is this really the thread to bring that silly iOS vs Android crap? Instead of my OS is better than your OS, how about hoping that this serves as a wake up call to the tech industry that security should be paramount in the products being put out in the public. It should be a wake up call to the big players, but more importantly to the smaller IoT players as well. That's a vector that's ripe for exploit. Oh, and I wouldn't be so overjoyed by Apple's statement that many of the vulnerabilities have been patched. It means many others haven't been. Also keep in mind, those were just the leaked vulnerabilities. Dollars to doughnuts the CIA has other nasty stuff that wasn't leaked. It's the CIA after all. I could be wrong, but I'm pretty sure the leak didn't all of a sudden make them stop working on more nefarious means which they will go to extremes to keep from leaking. It's an ongoing battle and iOS looks to be a favorite target of the CIA's armaments.

This post isn't really directed at you personally Rigby. Just my rant against turning this topic into something that takes the focus off what we need to be focused on.
But it's true -- Android versions are often abandoned by phone makers, way more than iOS. And old versions of OSes are vulnerable.
 
It's not crap or silly, and I didn't interpret his single sentence as any kind of Apple rah-rah at all. Rather, and acknowledging it's not a perfect situation, it makes sense that frequent mobile OS updates which include security patches will likely produce better positive results with respect to exploits than mobile OS updates that are infrequently updated, if ever. It's one (of the many) reasons I'm in the iOS camp.
"Noooooope." - Lana Kane

"In any case, I'm pretty sure iOS devices will be fixed much faster than most Android phones..."
↑↑That? That right there? That's just plain old deflection. When the topic is the CIA's focus on exploiting iOS, pointing at Android is a pretty ineffectual argument. Allow me to highlight that point by trying to bring it closer to home.

You say: It's one of the many reasons I'm in the iOS camp.

You read this: "The code contains what Wikileaks referred to as a "hacking arsenal" of malware, viruses, trojans, and weaponized "zero day" exploits for iOS devices, that could give anyone in possession of the code "the entire hacking capacity of the CIA..."

And this: "Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA's arsenal includes numerous local and remote "zero days" developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites."

Now after reading that, help me understand how Android's perceived shortcomings are relevant to you or the topic. I mean, you're in the iOS camp, right? That's why I pointedly asked, "Is this the thread to bring that silly..." The iOS vs Android theme is perfect forum fodder, just like Ford vs Chevy, or Nike vs Reebok. Being perfect forum fodder doesn't mean it's apropos for every topic. This topic, in my opinion, is not one that lends itself to that theme.


But it's true -- Android versions are often abandoned by phone makers, way more than iOS. And old versions of OSes are vulnerable.
Irrelevant as it relates to the CIA's concerted efforts to penetrate iOS.
 
Considering Russia allowed Wikileaks to publish this I'd bet almost all if not all of them have been patched so there isn't much loss to their intelligence services by leaking it.
Now why would Russia have allowed Wikileaks to publish this? If Russia had already known about it and controlled Wikileaks, it seems they would want to keep it quiet so they could use the exploits.
Have to lol at all of the people posting things like "keep patching" or "that was quick" or the hopefuls of the thread...

You have no privacy. Ever. Period. If the CIA or the government wants to know what is on your device, it WILL take over the mic, hack the data, turn on geolocators and whatever else. It's just a fact, Apple or Android will never outsecure the CIA. It is, by definition, a spy agency.
If they needed to, the FBI could get a court order and break into your house and modify all your devices to spy on you. Since the CIA isn't supposed to spy on US citizens, these would be used on foreigners. They are developed to gain national security intelligence to help the US and defeat its enemies.
 
I had some time to review some of the leaked info, and most of it if not all is from 2015 and earlier.

The weakest point to hack a device is the user. Fool the user and you'll gain access to that device.
Considering this fact, I wonder if any apps, including those in the AppStore, could have a way of opening a backdoor to hackers or spy on people.
iOS devices are more secure than Macs, but there's always a possibility.
 
Hard to believe Apple and none of us have the capability to prove Apple is telling the truth but some posters here have a good point. It is hard to beat the CIA, which has a near unlimited black operations budget funded by illegal activities like smuggling drugs into the US.
 
The sooner they get patched, the better...as these holes aren't only known by the U.S. government (not that it's good they know them either, just wait till we get a President who'd want to abuse his power to spy on his "enemies"...).

"The Vault 7 revelations aren't the first time the CIA has targeted Apple's mobile devices. In 2015 it was reported that the CIA worked on ways to compromise both iPhones and iPads."

To note, the article (from the Snowden tranche) actually details that the CIA was trying to compromise Apple's compiler - so it would compromise anything it compiled code for (OS X, iOS etc.) - would guess they'd want to go after the firmware too.

I always found this article one of the most reassuring of Apple's genuineness when it came to trying to give their users privacy - there were never any articles like this about Microsoft etc. in the Snowden group of documents, presumably, because the other companies were willing to partner with the U.S. government (and any others) in mass surveillance of their customers. This is also why I watch with horror as Apple abandons the PC market...
 
"Noooooope." - Lana Kane

"In any case, I'm pretty sure iOS devices will be fixed much faster than most Android phones..."
↑↑That? That right there? That's just plain old deflection. When the topic is the CIA's focus on exploiting iOS, pointing at Android is a pretty ineffectual argument. Allow me to highlight that point by trying to bring it closer to home.

You say: It's one of the many reasons I'm in the iOS camp.

You read this: "The code contains what Wikileaks referred to as a "hacking arsenal" of malware, viruses, trojans, and weaponized "zero day" exploits for iOS devices, that could give anyone in possession of the code "the entire hacking capacity of the CIA..."

And this: "Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA's arsenal includes numerous local and remote "zero days" developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites."

Now after reading that, help me understand how Android's perceived shortcomings are relevant to you or the topic. I mean, you're in the iOS camp, right? That's why I pointedly asked, "Is this the thread to bring that silly..." The iOS vs Android theme is perfect forum fodder, just like Ford vs Chevy, or Nike vs Reebok. Being perfect forum fodder doesn't mean it's apropos for every topic. This topic, in my opinion, is not one that lends itself to that theme.



Irrelevant as it relates to the CIA's concerted efforts to penetrate iOS.

Given a choice, I will give strong preference to a mobile OS that is frequently updated (including patching security exploits) over one that is not frequently updated (or not updated at all).
 