@Jamie Bishop, if you have a link that could make us less stupidly uninformed, it would be appreciated. Just knowing it's a key to decrypt the firmware is enough to know it's not a huge risk itself-- assuming the firmware is well written.
Good, and exactly. People in this thread are discussing hacking the secure enclave as if it were jailbreaking, which it isn’t.
Yeah, I know but I would assume that instead of focusing on new iOS they could focus on additions. Ie. if the new hardware needs new software for the camera then add that first. Then if you have time focus on other stuff. Have new iOS out less often so its worth it whist you also don't overload your coders so in the end the result is more refined overall. I'm sure the cam features could be easily added to .1 release especially when everything is done inhouse and you know what your pipeline looks like so with good planning your iOS could be future proof ready
You do realize that the best defense against bad guys hacking the Secure Enclave is good guys hacking the Secure Enclave first, right? If this didn't hit the front page of MR, it would still be happening-- you just wouldn't know about it. Better to keep Apple's feet to the fire, otherwise complacency leads to lax security.
Uhm, AFAIK the poem was just a warning message inside the kernel extension doing the validation, but the validation itself was performed by using keys contained in the SMC. I could very well be wrong though.
It's very naive to believe he was the only one in the World who was able to compromise the key. You should assume that if he managed to compromised it, others could have managed to do just the same.
I agree with you that there isn’t really a need to jailbreak iOS anymore. And Apple should focus on security 100%. iOS has come a long way. I don’t agree with that list you wrote, though. I’ll just respond to your points.
Sorry, but this is a very close minded point of view.
For years, Apple was the only tech company talking about privacy and security at every event just like they were the only company talking about environmental issues too. They started that trend. You can take the cynical view of that and spin it that they only care about their image but what does that say about every other company that followed their lead? Also remember that reacting to security breaches and mistakes cannot and usually should not be fast. Knee jerk fixes and reactions to security issues tends to create more problems. It's much safer to quickly address a Memoji bug because there's no downside. I agree that Apple is very concerned with their image and should be and yes, they've pivoted much closer towards security and privacy ever since they've been criticized for falling behind in AI. Marketing plays a role in every decision they make just like it does for every company. Just because Apple is the best at it does not mean they are the worst at execution or delivery great products with great security too.We both know that Apple is about image first. Its evident everytime Tim Cook has an interview but then when you cross check those stories where developer or hacker reports an issue and Apple takes its sweet time then that kinda paints different story, don't you think?
I love Apple, don't get me wrong but I am not happy with some of their choices (which is fine).
To me, privacy is important too so if it takes a controversial step for Apple to improve then so be it. These days the most common action is that everyone sues everyone but very few people focus on what really matters. Apple is building an image so they should also take actions that back their "mentality".
Example: look how long Apple spends on Memoji or Slofies vs how much time they spend on privacy etc.
When they present something, the focus on privacy is secondary but then they put a billboard talking how it all stays on your device.
It should be the other way around. Memoji, Slofies etc. should get the little time privacy has each keynote and privacy should get the spotlight.
Yes, I understand that the society these days is so obsessed about self gratification, instant attention etc. that unfortunately those stupid Memoji, selfies, Slofies etc. simply is what people really want. Heck, even my mum started doing this nonsense and she is almost retired.
So yeah, let the hackers expose as much as possible because thanks to those guys we will most likely get better and more secure systems. Anything that touches Apple's image is usually fixed fairly quickly. Apple is obsessed about the right image so its the only way how to get stuff done fast
Yeah, many people don't realize that iOS running on their device does not belong to them. The TOS that you need to agree/decline specifically states that ownership of iOS always remains with Apple. What consumers actually own is a license to use the iOS system IAW Apple guidelines. Some people think they own the hardware and the software, this simply isn't the case.
It's called respect for other people's property. iOS is owned by Apple. Apple specifies how I can use iOS. If I'm not happy with their guidelines, then I shouldn't use their property.
That’s what they say, but it seems to have been working very well.
Corporate espionage has enabled bits and pieces of the underlying tech to surface. It’s not about Apple having nothing to worry about. It’s about the bad actors (whether they be bad guys or governments) getting hold of knowledge.
