Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Now why would Russia have allowed Wikileaks to publish this? If Russia had already known about it and controlled Wikileaks, it seems they would want to keep it quiet so they could use the exploits.
That's the reason why I said that most likely all or almost all of them are patched already. So it is mostly useless unless people have old phones that they didn't update. If this was something that would be useful to Russia it would have never been published.
 
  • Like
Reactions: Eraserhead
I understand that. I have no issue with that. How is it relevant to the CIA attacking iOS?

I expect the CIA and other major intelligence agencies of the world to engage in exploiting communications. That's been going on, in different forms of course, for centuries.

My original comment was in response to your characterization of Rigby's comment "I'm pretty sure iOS devices will be fixed much faster than most Android phones, not to mention things like smart TVs ..." as being crap or silly.

It's absolutely not. I'll chose the OS that gets frequent updates with security exploit patches over one that doesn't. I'm not worried about the CIA, rather non-government actors who already have (or will soon have access) to these and other exploits. Frequent updates can/will help with those getting patched, especially now that some of these exploits are public.
 
Does Apple patch security holes in older versions of iOS?
Would someone on an older phone such as an iPhone 4s or 5 be vulnerable?

Yes, you are vulnerable. Apple does not really care about old customers, what they care about is what you have bought from them recently. Have not bought in a couple of years then you are dead to Apple. For example, have an old computer that does not have SSD, expect current macOS to run like a dog because it is optimized for SSD, even though Sierra supports hardware without SSD. Its Apple's way of pushing you to upgrade. Same with phones, either upgrade to get the security and sucky performance, or don't upgrade to keep good performance, but be vulnerable.
 
I'm not criticizing for stepping on an ant. I'm criticizing for doing little to fix the Foxconn issues, and treating their manufacturing workforce like disposable ants, generally speaking with other companies too like Pegatron that do the same but apple also uses, and being based in Chynnnuh, constantly feeling the need to react to anything the president does internally in a memo to his employees too

I am picking my battles thanks

Also outside of the whole unlocking the iPhone thing with obama at the end and unlocking that 5c from the san barandino tragedy and apple doubling down on security (good), that stood to put apple in harms way publicly speaking I don't remember cook repeatedly speaking out about obama wrongdoing. Whereas now it feels rampant.

Where was the outrage over 2.5 million immigrants deported during obama terms?

You know, I highly doubt you'd think Tim Cook was responding to "nitpicky" things if you were gay or a refugee.

You're correct, Tim Cook is a hypocrite for taking the profit margins he does while paying Chinese workers like he does. The correct response, however, is to start caring about both, not neither as you're implying.
 
My original comment was in response to your characterization of Rigby's comment "I'm pretty sure iOS devices will be fixed much faster than most Android phones, not to mention things like smart TVs ..." as being crap or silly.
It is indeed crap and silly as it relates to the topic of discussion, imo of course. Whether iOS devices will be fixed faster than Android devices bares no importance on what the CIA is doing regarding iOS. It's a different topic for a different conversation. We disagree here, obviously. It's cool.

It's the same as if you and I are discussing the pros/cons of getting protein from legumes and someone jumps into the conversation and starts talking about how meat has protein and tastes delicious... and it does... especially bacon. You know, like when it's all crispy and applewood smoked or peppered. There's a plateful and no one else is around. You know you shouldn't eat all of it, but you will. Cuz bacon. Bacon is... wait, whaa?

See, now we've gotten drawn away from the original topic of... of... of... screw it. Bacon, let's discuss.
 
Sigh. Our tax dollars at work. And some of our elected officials apparently begrudge money to pay for the chemotherapy of the taxpayer whose hard earned money pays their salary. No, they'd rather keep funding the military industrial complex so we can all live like it's 1984.
 
I'd be more concerned with the fact that CIA have agent programmers within Apple (and all major tech companies), building backdoors and vulnerabilities into the code from scratch.

The CIA is a criminal racket that operates outside of any constitutional control with its own agenda. It should be dismantled and replaced with an organisation that is controlled by and works for the interest of the republic.

Drain the swamp.

And every person in this forum and every tech forum in the world should be willing to stand up and not tolerate this blatant violation of the law. But as you see here (not this post, but others), many just don't care. They get so much stuff for free, that they are not about to bite the hand that feeds them. To them government domination is just fine as long as the government pretends to care for them and their pet social issues. How naive, ignorant, and immature.
 
  • Like
Reactions: You are the One
These vulnerabilities posted don't go past iOS 7. As someone who has worked with law enforcement and Apple over the years, I can say they have current ones for iOS 10 which haven't been disclosed.
 
It is indeed crap and silly as it relates to the topic of discussion, imo of course. Whether iOS devices will be fixed faster than Android devices bares no importance on what the CIA is doing regarding iOS. It's a different topic for a different conversation. We disagree here, obviously. It's cool.

It's the same as if you and I are discussing the pros/cons of getting protein from legumes and someone jumps into the conversation and starts talking about how meat has protein and tastes delicious... and it does... especially bacon. You know, like when it's all crispy and applewood smoked or peppered. There's a plateful and no one else is around. You know you shouldn't eat all of it, but you will. Cuz bacon. Bacon is... wait, whaa?

See, now we've gotten drawn away from the original topic of... of... of... screw it. Bacon, let's discuss.

Disagree, it's very related. Those security exploits, now that they're public, will soon be (or already are) in the hands of non-government actors. Using a frequently updated mobile OS, such as iOS will help ameliorate the very real adverse consequences to iPhone users. And this being an Apple forum makes it relevant.

What the CIA (and dozens of other intelligence agencies) are doing with respect to exploiting phones is not news or particularly interesting - I would be honestly shocked and disappointed if that were not happening. Knowing that a frequently updated mobile OS can potentially avert some exploits from non-government actors is very interesting.
 
Last edited:
These vulnerabilities posted don't go past iOS 7.
Actually, the most recent exploit listed is for iOS 9.2:

https://wikileaks.com/ciav7p1/cms/page_13205587.html

I just took a quick look at the archive. The most recent files I saw are from early 2016. Also, I did not see any actual exploit code. Wikileaks included only directory listings as placeholders for most tar archives, so at least there are no ready to use exploit tools. However, the developer documentation contains fairly detailed descriptions of vulnerabilities that will enable bad actors to write their own exploit tools.

It should also be mentioned that, according to Wikileaks, this is only a part of the whole package. More (and perhaps more recent) material is probably circulating. One can only hope that the CIA works proactively with the affected companies to fix the vulnerabilities ASAP.
 
  • Like
Reactions: 69Mustang
How can you really be sure?

I mean any company would say exactly the same thing won't they to keep their uses safe... Why is Apple a number #1 exception to this ? If they all cling to "Well Apple focuses strongly with privacy" as the reason, u may want to try a bit harder.... because other companies all say the same too, can say the same..
 
Disagree, it's very related. Those security exploits, now that they're public, will soon be (or already are) in the hands of non-government actors. Using a frequently updated mobile OS, such as iOS will help ameliorate the very real adverse consequences to iPhone users. And this being an Apple forum makes it relevant.
Okay. Let's say those iOS exploits are out in the wild in the hands of non-government actors. People with bad intent who want to exploit iOS for their gain and our loss. How does pointing at Android help in that instance? As far as I can tell, it does nothing to mitigate any possible damage in iOS. It basically states, "Yeah I know there's a problem, but the other guys have problems too." As if the other guy having problems somehow makes my problems less.

What the CIA (and dozens of other intelligence agencies) are doing with respect to exploiting phones is not news or particularly interesting - I would be honestly shocked and disappointed if that were not happening.
Not sure why you keep bringing this up. I said the same thing on the original post yesterday (ironically, the same post you gave a thumbs up). Nothing in our current conversation is about whether it's news or particularly interesting. Me stating the CIA is the topic is not the same as me stating the CIA is news or interesting.
 
Weather some of these exploits are patched by Apple is probably an issue, but what about all the others that have NOT be disclosed yet i'd be more worried about.
 
And every person in this forum and every tech forum in the world should be willing to stand up and not tolerate this blatant violation of the law. But as you see here (not this post, but others), many just don't care. They get so much stuff for free, that they are not about to bite the hand that feeds them. To them government domination is just fine as long as the government pretends to care for them and their pet social issues. How naive, ignorant, and immature.

Agreed. And as others have pointed out intelligence is part of the reality of this world. However, independent intelligence agencies acting as criminal rackets serving the interests of out of government entities are not acceptable and should be rooted out.
 
  • Like
Reactions: nt5672 and iObama
Agreed. And as others have pointed out intelligence is part of the reality of this world. However, independent intelligence agencies acting as criminal rackets serving the interests of out of government entities are not acceptable and should be rooted out.
Here here!

A modern day Church commission needs to happen, fast.
 
  • Like
Reactions: You are the One
Okay. Let's say those iOS exploits are out in the wild in the hands of non-government actors. People with bad intent who want to exploit iOS for their gain and our loss. How does pointing at Android help in that instance? As far as I can tell, it does nothing to mitigate any possible damage in iOS. It basically states, "Yeah I know there's a problem, but the other guys have problems too." As if the other guy having problems somehow makes my problems less.


Not sure why you keep bringing this up. I said the same thing on the original post yesterday (ironically, the same post you gave a thumbs up). Nothing in our current conversation is about whether it's news or particularly interesting. Me stating the CIA is the topic is not the same as me stating the CIA is news or interesting.

"How does pointing at Android help in that instance? As far as I can tell, it does nothing to mitigate any possible damage in iOS. It basically states, "Yeah I know there's a problem, but the other guys have problems too." As if the other guy having problems somehow makes my problems less."

It's not about pointing at Android or saying they have problems too. It's about as smartphone consumers, we basically have two mobile OS choices. If one of those choices provides frequent OS updates that also results in recently revealed security exploits being addressed and patched, as a smartphone consumer who cares about security, I'll give a lot of weight to and purchase phones using that OS, and, little weight to phones using an OS that has infrequent or no updates.


"Not sure why you keep bringing this up."

You brought up the CIA in previous posts, such as: "How is it relevant to the CIA attacking iOS?". I'm saying it's not relevant to the issue being debated with respect to the point Rigby was making, going all the way back to you responding to his post.
 
Last edited:
"How does pointing at Android help in that instance? As far as I can tell, it does nothing to mitigate any possible damage in iOS. It basically states, "Yeah I know there's a problem, but the other guys have problems too." As if the other guy having problems somehow makes my problems less."

It's not about pointing at Android or saying they have problems too. It's about as smartphone consumers, we basically have two mobile OS choices. If one of those choices provides frequent OS updates that also results in recently revealed security exploits being addressed and patched, as a smartphone consumer who cares about security, I'll give a lot of weight to and purchase phones using that OS, and, little weight to phones using an OS that has infrequent or no updates.


"Not sure why you keep bringing this up."

You brought up the CIA in previous posts, such as: "How is it relevant to the CIA attacking iOS?". I'm saying it's not relevant to the issue being debated with respect to the point Rigby was making, going all the way back to you responding to his post.
We're getting pretty circular here. Obviously we're not going to agree. You say it's not about pointing that Android has problems too, but that's exactly what Rigby's original post is doing. Nothing in his post is about choices of OSes.

What you kept bringing up was it's not new or interesting. That's not what I brought up. I brought up the fact that the CIA was the topic of the article. As I said before, it's not the same thing.

I know I'm stepping on a hornets nest that will lead further off topic, but you must not know how Android security updates are propagated. I say that because every one of your posts has presented Android security updates as if they are tied to OS updates like iOS. They're not. Android security updates are released monthly and don't require an OS update. Take my old S5 and new S7 for example. Neither required an OS update (although they did get updated to M and N respectively) for security to be updated.
 
We're getting pretty circular here. Obviously we're not going to agree. You say it's not about pointing that Android has problems too, but that's exactly what Rigby's original post is doing. Nothing in his post is about choices of OSes.

What you kept bringing up was it's not new or interesting. That's not what I brought up. I brought up the fact that the CIA was the topic of the article. As I said before, it's not the same thing.

I know I'm stepping on a hornets nest that will lead further off topic, but you must not know how Android security updates are propagated. I say that because every one of your posts has presented Android security updates as if they are tied to OS updates like iOS. They're not. Android security updates are released monthly and don't require an OS update. Take my old S5 and new S7 for example. Neither required an OS update (although they did get updated to M and N respectively) for security to be updated.

"What you kept bringing up was it's not new or interesting. That's not what I brought up. I brought up the fact that the CIA was the topic of the article. As I said before, it's not the same thing."

My point was that it was not relevant to the case Rigby was making. The recent revelations via Wikileaks, though, will inspire some exploits being patched.
 
wikileaks should have given apple and samsung a quiet heads up before releasing this stuff to give them a chance to close the holes.
 
Considering Russia allowed Wikileaks to publish this I'd bet almost all of not all of them have been patched so there isn't much loss to their intelligence services by leaking it.

Or... perhaps it's a game of chess....

Perhaps Russia has noticed a weakness in the code that will become more vulnerable if Apple patches the code that Russia has directed Apple towards.

Kind of like exposing your king to get your opponents queen right where you want her to take her with a pawn.

Russia may be looking a couple steps ahead, and anticipating that Apple will likely use specific code / instructions to patch certain weaknesses. And if Apple uses the particular code that Russia is anticipating, perhaps it may inadvertently open another more significant door.

Perhaps the mouse is just leading the cat into a trap.
 
wikileaks should have given apple and samsung a quiet heads up before releasing this stuff to give them a chance to close the holes.

ah ya, ok,, like how Wiki-leaks, would give the NSA a change to come clean ? Sorry, won't happen..

People need to know things ASAP, in vulnerabilities.. they don't wanna wait a long length of time to fix, as that will just get hackers excited more.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.