Im not saying to have told nsa but just quietly passed the list of vulnerabilities to apple and samsung to give them some time (a minor release cycle?) before the info went public.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Says Many of the Vulnerabilities Detailed in 'Vault 7' Leaks Already Patched
- Thread starter MacRumors
- Start date
- Sort by reaction score
Im not saying to have told nsa but just quietly passed the list of vulnerabilities to apple and samsung to give them some time (a minor release cycle?) before the info went public.
Remember during early 2016 when law enforcement authorities had a tough time figuring out how to break into the iPhone owned by the San Bernardino shooter? Likely running an iOS 9.x version, given full device encryption they tried and only was successful in partially recovering the data.
Now, with the current iOS 10.2.1, you can forget about breaking into the iPhone unless you have some VERY serious hacking tools assisted by a very high-end supercomputer--and they might not succeed, either.
Now, with the current iOS 10.2.1, you can forget about breaking into the iPhone unless you have some VERY serious hacking tools assisted by a very high-end supercomputer--and they might not succeed, either.
Wikileaks held back the actual exploit code. It will take some time for others to figure out exactly how the vulnerabilities work from the developer docs and create new exploits. Assuming the code isn't already circulating elsewhere, I think Apple will be able to fix iOS in time. But it is very possible that many not so well-supported Android devices and IoT things like smart TVs will not be patched in time.
Will be interesting to see who they credit for discovering the vulnerabilities in the release notes.
I don't believe that’s true MR. Apple said many, and not most. I fact Apple have not disclosed a guesstimate proportion nor have they used a phrase like ‘vast majority’. I read plenty into that.
Earlier today a new series of Wikileaks leaks revealed the United States Central Intelligence Agency's efforts to hack iPhones. The leaks detail a number of iOS exploits that can be used to bypass security on devices. Tonight, Apple said in a statement provided to TechCrunch that most of the vulnerabilities detailed in the leaks have been patched.
I'm not an expert on jailbreaking, but doesn't publishing that list make it easier to jailbreak the OS?
Doesn't running a jailbroken device suggest you're running on a more vulnerable device?
Doesn't running a jailbroken device suggest you're running on a more vulnerable device?
We're focusing on the iOS aspect when the reality is, this leak was released at this time to distract from what's going on currently with the Trump administration. WikiLeaks has been very planned in their recent releases. This release is meant to make some believe that the US has the ability to fake the Russian hacking, such as the DNC case. While there's no evidence this is true, just getting some to make that jump is all they need in order to get many to write the whole thing off and believe the Russians had nothing to do with it.
[doublepost=1489063985][/doublepost]
Nope. This doesn't include any actual exploits. It simply says "Yeah there are some exploits in there somewhere." There's no code included. It's like someone pointing to haystack and saying there's a needle in there somewhere.
[doublepost=1489063985][/doublepost]
Nope. This doesn't include any actual exploits. It simply says "Yeah there are some exploits in there somewhere." There's no code included. It's like someone pointing to haystack and saying there's a needle in there somewhere.
Wikileaks held back the actual exploit code. It will take some time for others to figure out exactly how the vulnerabilities work from the developer docs and create new exploits. Assuming the code isn't already circulating elsewhere, I think Apple will be able to fix iOS in time. But it is very possible that many not so well-supported Android devices and IoT things like smart TVs will not be patched in time.
Will be interesting to see who they credit for discovering the vulnerabilities in the release notes.
yep, things like this only serve to help apple as people become more aware of which platform actually fixes these problems and gets those fixes into their hands fastest.
Given the extreme fragmentation of Android, wow I would not want to be an engineer at Google focusing on bug fixes that will never be installed on millions of devices simply because the OEM has dropped support for it.
So how many folks have actually gone over and checked out Vault 7?
I feel like a lot of hysteria about this is just mirroring Wikileaks hype. Apple, for their part are simply spin-doctoring this to say, oh we already fixed that.
Truth is, crypto on 'private' apps isn't and doesnt need to be broken. All a hacker needs to do is trick someone into installing something on their phone with Social Engineering (or via an ad network). That then only needs to capture the active screen image when Signal or whatever is open.
EG: if you can do a screen shot of the app, then a process running in the background would be able to grab that info using the same object that handles screenshots.
I'm skeptical of the tone, timing and content of this leak.
Having read through several it mostly seems like kindergarten 'how to' articles for Linux newbs. Peppered with a few sensational bits.
I feel like a lot of hysteria about this is just mirroring Wikileaks hype. Apple, for their part are simply spin-doctoring this to say, oh we already fixed that.
Truth is, crypto on 'private' apps isn't and doesnt need to be broken. All a hacker needs to do is trick someone into installing something on their phone with Social Engineering (or via an ad network). That then only needs to capture the active screen image when Signal or whatever is open.
EG: if you can do a screen shot of the app, then a process running in the background would be able to grab that info using the same object that handles screenshots.
I'm skeptical of the tone, timing and content of this leak.
Having read through several it mostly seems like kindergarten 'how to' articles for Linux newbs. Peppered with a few sensational bits.
If you install "private" apps from untrustyworthy sources, it's your own fault.
I wonder what happened to Apple always stating there devices cannot be hacked and are secure.........
Show me one single statement from Apple that has ever claimed such a thing. I'll wait.
And no, I don't mean touting security, I want you to show where Apple has ever stated their devices cannot be hacked, period. Otherwise, maybe you're hyperbolically misrepresenting valid statements they have released.
We'll wait.
Like I said elsewhere, watch for another iOS 10.3 beta drop early next week to include patches for a lot of the exploits mentioned in Vault 7. As such, we may not see iOS 10.3 released until the end of Marcch 2017.
By the way, there are rumors that WikiLeaks DID provide directly to Apple a lot of detailed information about those exploits first--likely through a private channel.
By the way, there are rumors that WikiLeaks DID provide directly to Apple a lot of detailed information about those exploits first--likely through a private channel.
