Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Says Many of the Vulnerabilities Detailed in 'Vault 7' Leaks Already Patched
- Thread starter MacRumors
- Start date
- Sort by reaction score
Doesn't the word "many" usually mean "about 60%"?
I want to hear "all leaks have been patched!" from Apple.
If there's 30 exploits and 10 are patched, they can say "many".
If there's 50 exploits and 30 are patched they can say "mostly".
Could be only a PR stunt. Good thing is that Apple might patch all leaked exploits soon.
Were it not for the leaks who knows of apple woild fix leaks
I am wondering though - does this mean ios 9 is unsafe regards to coa exploits?
Trust, but verify. As always.
[doublepost=1488970349][/doublepost]
Stunt? Emergency crisis is a normal cause for PR statements to customers. Their value in assuaging support questions and traffic is a primary objective. Unless your stunt threshold is very mundane, I'd call this routine PR function
I think with this, everybody is gong to have to go down the laundry line and patch. The PR mess will be brutal for those who don't or blow it. Naughty smart TVs seem to be getting the most traction in the stupid human news on all channels.
Has Apple been fixing security bugs so far? Don't see why that would change, only see this escalating for any they didn't know of. Is the expectation total perfection or ability to adapt?
Last edited:
The headline could also read "Apple Says Many of the Vulnerabilities Detailed in 'Vault 7' Leaks haven't been Patched" and it would still be true. People are missing the point here, it's not that the CIA or Russian hackers or the kid in his basement down the street has and is using these tools, it's that these vulnerabilities exist. The CIA aren't magicians, if they can work it out so can the bad guys. The days of Apple users lording their security credentials over Android users are over. Anything Tim Cook says is just security theatre.
You cannot trust the tech companies, just as much as you cannot trust your own governments.
It's not crap or silly, and I didn't interpret his single sentence as any kind of Apple rah-rah at all. Rather, and acknowledging it's not a perfect situation, it makes sense that frequent mobile OS updates which include security patches will likely produce better positive results with respect to exploits than mobile OS updates that are infrequently updated, if ever. It's one (of the many) reasons I'm in the iOS camp.
As a related aside, it's telling that the NYC district attorney only complained before the US Congress last year about having hundreds (now likely thousands) seized iPhones (and not Android phones) that he could not access in the support of criminal investigations. While that's hardly a perfect endorsement with respect to exploitability, it does say quite a lot in a relative sense between the two mobile OS'.
There will never be perfection with respect to any consumer-based extraordinarily complicated software/hardware system, especially where there are groups with (relatively) unlimited/asymmetrical budgets whose sole focus is on finding and developing exploits destined for use.
As I said in another post, I would be shocked and very disappointed if the CIA does not have an array of tools available for exploiting mobile phones supporting espionage activities. That's part of their job, as it is with MI6/GCHQ, DGSE, FSB, Mosad, etc.
Last edited:
I just said that Apple is not being detailed in their response. Can mean they patched a minority or majority of exploits.
The weak point in any security system is always the human factor. It used to be that an agent had to walk out of their office with a brief case full of files. Now the intelligence agencies have gone digital the risk is vast swathes of top secret information being smuggled out on a USB key and disseminated to the whole world in the blink of an eye. It's never going to stop and they're never going to be able to get a handle on it, because people. Manning, Snowden and now this leak show it very clearly.
For a good read on that:
https://www.rsaconference.com/blogs...cy-from-ancient-egypt-to-quantum-cryptography
I thoroughly enjoyed the book.
I don't believe tech is ever truly going to be secure, hackers whether they be 'good guys' or 'bad guys' are a determined bunch, finger prints, retina scans or voice analysis some bright spark will either find a way around it or a way to steal what they need; you're only as secure as your last update.
But it's true -- Android versions are often abandoned by phone makers, way more than iOS. And old versions of OSes are vulnerable.
"Noooooope." - Lana Kane
"In any case, I'm pretty sure iOS devices will be fixed much faster than most Android phones..."
↑↑That? That right there? That's just plain old deflection. When the topic is the CIA's focus on exploiting iOS, pointing at Android is a pretty ineffectual argument. Allow me to highlight that point by trying to bring it closer to home.
You say: It's one of the may reasons I'm in the iOS camp.
You read this: "The code contains what Wikileaks referred to as a "hacking arsenal" of malware, viruses, trojans, and weaponized "zero day" exploits for iOS devices, that could give anyone in possession of the code "the entire hacking capacity of the CIA..."
And this: "Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA's arsenal includes numerous local and remote "zero days" developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites."
Now after reading that, help me understand how Android's perceived shortcoming are relevant to you or the topic. I mean, you're in the iOS camp, right? That's why I pointedly asked, "Is this the thread to bring that silly..." The iOS vs Android theme is perfect forum fodder, just like Ford vs Chevy, or Nike vs Reebok. Being perfect forum fodder doesn't mean it's apropos for every topic. This topic, in my opinion, is not one that lends itself to that theme.
Irrelevant as it relates to the CIA's concerted efforts to penetrate iOS.
Last edited:
Now why would Russia have allowed Wikileaks to publish this? If Russia had already known about it and controlled Wikileaks, it seems they would want to keep it quiet so they could use the exploits.
[doublepost=1488985384][/doublepost]
If they needed to, the FBI could get a court order and break into your house and modify all your devices to spy on you. Since the CIA isn't supposed to spy on US citizens, these would be used on foreigners. They are developed to gain national security intelligence to help the US and defeat its enemies.
I had some time to review some of the leaked info, and most of it if not all is from 2015 and earlier.
The weakest point to hack a device is the user. Fool the user and you'll gain access to that device.
Considering this fact, I wonder if any apps, including those in the AppStore, could have a way of opening a backdoor to hackers or spy on people.
iOS devices are more secure than Macs, but there's always a possibility.
The weakest point to hack a device is the user. Fool the user and you'll gain access to that device.
Considering this fact, I wonder if any apps, including those in the AppStore, could have a way of opening a backdoor to hackers or spy on people.
iOS devices are more secure than Macs, but there's always a possibility.
Hard to believe Apple and none of us have the capability to prove Apple is telling the truth but some posters here have a good point. Is hard to beat the CIA, which has a near unlimited black operations budget funded by illegal activities like smuggling drugs into the US.
The sooner they get patched, the better...as these holes aren't only known by the U.S. government (not that its good they know them either, just wait till we get a President who'd want to abuse his power to spy on his "enemies"...).
"The Vault 7 revelations aren't the first time the CIA has targeted Apple's mobile devices. In 2015 it was reportedthat the CIA worked on ways to compromise both iPhones and iPads."
To note, the article (from the Snowden tranche) actually details that the CIA was trying to compromise Apple's compiler - so it would compromise anything it compiled code for (OS X, iOS etc.) - would guess they'd want to go after the firmware too.
I always found this article one of the most reassuring of Apple's genuineness when it came to trying to give their users privacy - there were never any articles like this about Microsoft etc. in the Snowden group of documents, presumably, because the other companies were willing partner with the U.S. government (and any others) in mass surveillance of their customers. This is also why I watch with horror as Apple abandons the PC market...
"The Vault 7 revelations aren't the first time the CIA has targeted Apple's mobile devices. In 2015 it was reportedthat the CIA worked on ways to compromise both iPhones and iPads."
To note, the article (from the Snowden tranche) actually details that the CIA was trying to compromise Apple's compiler - so it would compromise anything it compiled code for (OS X, iOS etc.) - would guess they'd want to go after the firmware too.
I always found this article one of the most reassuring of Apple's genuineness when it came to trying to give their users privacy - there were never any articles like this about Microsoft etc. in the Snowden group of documents, presumably, because the other companies were willing partner with the U.S. government (and any others) in mass surveillance of their customers. This is also why I watch with horror as Apple abandons the PC market...
By already patched, does that mean they were scrambling to get "many" patched before this press release?
Read this yesterday "If you’re writing about the CIA/@Wikileaks story, here’s the big deal: first public evidence USG secretly paying to keep US software unsafe."
Given a choice, I will give strong preference to a mobile OS that is frequently updated (including patching security exploits) over one that is not frequently updated (or not updated at all).