It was unsafe before. They just exploit exiting vulnerabilities, not creating any
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Says Many of the Vulnerabilities Detailed in 'Vault 7' Leaks Already Patched
- Thread starter MacRumors
- Start date
- Sort by reaction score
No, it will make it simple to see the existing access points. Nothing is ever secure.
I understand that. I have no issue with that. How is it relevant to the CIA attacking iOS?
That's the reason why I said that most likely all or almost all of them are patched already. So it is mostly useless unless people have old phones that they didn't update. If this was something that would be useful to Russia it would have never been published.
I expect the CIA and other major intelligence agencies of the world to engage in exploiting communications. That's been going on, in different forms of course, for centuries.
My original comment was in response to your characterization of Rigby's comment "I'm pretty sure iOS devices will be fixed much faster than most Android phones, not to mention things like smart TVs ..." as being crap or silly.
It's absolutely not. I'll chose the OS that gets frequent updates with security exploit patches over one that doesn't. I'm not worried about the CIA, rather non-government actors who already have (or will soon have access) to these and other exploits. Frequent updates can/will help with those getting patched, especially now that some of these exploits are public.
Yes, you are vulnerable. Apple does not really care about old customers, what they care about is what you have bought from them recently. Have not bought in a couple of years then you are dead to Apple. For example, have an old computer that does not have SSD, expect current macOS to run like a dog because it is optimized for SSD, even though Sierra supports hardware without SSD. Its Apple's way of pushing you to upgrade. Same with phones, either upgrade to get the security and sucky performance, or don't upgrade to keep good performance, but be vulnerable.
You know, I highly doubt you'd think Tim Cook was responding to "nitpicky" things if you were gay or a refugee.
You're correct, Tim Cook is a hypocrite for taking the profit margins he does while paying Chinese workers like he does. The correct response, however, is to start caring about both, not neither as you're implying.
It is indeed crap and silly as it relates to the topic of discussion, imo of course. Whether iOS devices will be fixed faster than Android devices bares no importance on what the CIA is doing regarding iOS. It's a different topic for a different conversation. We disagree here, obviously. It's cool.
It's the same as if you and I are discussing the pros/cons of getting protein from legumes and someone jumps into the conversation and starts talking about how meat has protein and tastes delicious... and it does... especially bacon. You know, like when it's all crispy and applewood smoked or peppered. There's a plateful and no one else is around. You know you shouldn't eat all of it, but you will. Cuz bacon. Bacon is... wait, whaa?
See, now we've gotten drawn away from the original topic of... of... of... screw it. Bacon, let's discuss.
Sigh. Our tax dollars at work. And some of our elected officials apparently begrudge money to pay for the chemotherapy of the taxpayer whose hard earned money pays their salary. No, they'd rather keep funding the military industrial complex so we can all live like it's 1984.
And every person in this forum and every tech forum in the world should be willing to stand up and not tolerate this blatant violation of the law. But as you see here (not this post, but others), many just don't care. They get so much stuff for free, that they are not about to bite the hand that feeds them. To them government domination is just fine as long as the government pretends to care for them and their pet social issues. How naive, ignorant, and immature.
These vulnerabilities posted don't go past iOS 7. As someone who has worked with law enforcement and Apple over the years, I can say they have current ones for iOS 10 which haven't been disclosed.
Disagree, it's very related. Those security exploits, now that they're public, will soon be (or already are) in the hands of non-government actors. Using a frequently updated mobile OS, such as iOS will help ameliorate the very real adverse consequences to iPhone users. And this being an Apple forum makes it relevant.
What the CIA (and dozens of other intelligence agencies) are doing with respect to exploiting phones is not news or particularly interesting - I would be honestly shocked and disappointed if that were not happening. Knowing that a frequently updated mobile OS can potentially avert some exploits from non-government actors is very interesting.
Last edited:
Actually, the most recent exploit listed is for iOS 9.2:
https://wikileaks.com/ciav7p1/cms/page_13205587.html
I just took a quick look at the archive. The most recent files I saw are from early 2016. Also, I did not see any actual exploit code. Wikileaks included only directory listings as placeholders for most tar archives, so at least there are no ready to use exploit tools. However, the developer documentation contains fairly detailed descriptions of vulnerabilities that will enable bad actors to write their own exploit tools.
It should also be mentioned that, according to Wikileaks, this is only a part of the whole package. More (and perhaps more recent) material is probably circulating. One can only hope that the CIA works proactively with the affected companies to fix the vulnerabilities ASAP.
How can you really be sure?
I mean any company would say exactly the same thing won't they to keep their uses safe... Why is Apple a number #1 exception to this ? If they all cling to "Well Apple focuses strongly with privacy" as the reason, u may want to try a bit harder.... because other companies all say the same too, can say the same..
I mean any company would say exactly the same thing won't they to keep their uses safe... Why is Apple a number #1 exception to this ? If they all cling to "Well Apple focuses strongly with privacy" as the reason, u may want to try a bit harder.... because other companies all say the same too, can say the same..
Okay. Let's say those iOS exploits are out in the wild in the hands of non-government actors. People with bad intent who want to exploit iOS for their gain and our loss. How does pointing at Android help in that instance? As far as I can tell, it does nothing to mitigate any possible damage in iOS. It basically states, "Yeah I know there's a problem, but the other guys have problems too." As if the other guy having problems somehow makes my problems less.
Not sure why you keep bringing this up. I said the same thing on the original post yesterday (ironically, the same post you gave a thumbs up). Nothing in our current conversation is about whether it's news or particularly interesting. Me stating the CIA is the topic is not the same as me stating the CIA is news or interesting.
Agreed. And as others have pointed out intelligence is part of the reality of this world. However, independent intelligence agencies acting as criminal rackets serving the interests of out of government entities are not acceptable and should be rooted out.
"How does pointing at Android help in that instance? As far as I can tell, it does nothing to mitigate any possible damage in iOS. It basically states, "Yeah I know there's a problem, but the other guys have problems too." As if the other guy having problems somehow makes my problems less."
It's not about pointing at Android or saying they have problems too. It's about as smartphone consumers, we basically have two mobile OS choices. If one of those choices provides frequent OS updates that also results in recently revealed security exploits being addressed and patched, as a smartphone consumer who cares about security, I'll give a lot of weight to and purchase phones using that OS, and, little weight to phones using an OS that has infrequent or no updates.
"Not sure why you keep bringing this up."
You brought up the CIA in previous posts, such as: "How is it relevant to the CIA attacking iOS?". I'm saying it's not relevant to the issue being debated with respect to the point Rigby was making, going all the way back to you responding to his post.
Last edited:
We're getting pretty circular here. Obviously we're not going to agree. You say it's not about pointing that Android has problems too, but that's exactly what Rigby's original post is doing. Nothing in his post is about choices of OSes.
What you kept bringing up was it's not new or interesting. That's not what I brought up. I brought up the fact that the CIA was the topic of the article. As I said before, it's not the same thing.
I know I'm stepping on a hornets nest that will lead further off topic, but you must not know how Android security updates are propagated. I say that because every one of your posts has presented Android security updates as if they are tied to OS updates like iOS. They're not. Android security updates are released monthly and don't require an OS update. Take my old S5 and new S7 for example. Neither required an OS update (although they did get updated to M and N respectively) for security to be updated.
"What you kept bringing up was it's not new or interesting. That's not what I brought up. I brought up the fact that the CIA was the topic of the article. As I said before, it's not the same thing."
My point was that it was not relevant to the case Rigby was making. The recent revelations via Wikileaks, though, will inspire some exploits being patched.
Or... perhaps it's a game of chess....
Perhaps Russia has noticed a weakness in the code that will become more vulnerable if Apple patches the code that Russia has directed Apple towards.
Kind of like exposing your king to get your opponents queen right where you want her to take her with a pawn.
Russia may be looking a couple steps ahead, and anticipating that Apple will likely use specific code / instructions to patch certain weaknesses. And if Apple uses the particular code that Russia is anticipating, perhaps it may inadvertently open another more significant door.
Perhaps the mouse is just leading the cat into a trap.
ah ya, ok,, like how Wiki-leaks, would give the NSA a change to come clean ? Sorry, won't happen..
People need to know things ASAP, in vulnerabilities.. they don't wanna wait a long length of time to fix, as that will just get hackers excited more.