Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
You're not getting it. a site isn't putting something on your phone without your acknowledgement, as you are willingly going to that site. You have to visit that site for that site to do something to your device. Depending on how they set it up will determine if it is with or without acknowledgement, but then the damage is already done. You visited the site, which is all the acknowledgement the site needs.

You or visit requests a GET from their webserver, and the webserver responds with the content. No acknowledgement needed or required.

BL.
Yeah viruses exist. This isnt a virus.
 
All one needs to do is update to 9.2.2 ; problem solved. If it's one thing Apple is good at it is patching up iOS.
No system can be labeled as hack proof.

False. If the exploit isn't released to the public then Apple will have a very hard time finding what exactly to patch up. Expect future iOS builds to be vulnerable until Apple identifies the exact exploits used.
 
False. If the exploit isn't released to the public then Apple will have a very hard time finding what exactly to patch up. Expect future iOS builds to be vulnerable until Apple identifies the exact exploits used.

Hmm.

If the exploit will be available commercially to those willing to pay the price, you don't think Apple will manage to secure a copy one way or the other?

Really?
 
So the nice thing that this is happening to apple is they will now patch it in the very next release. If this was found in the root code of android you might never see a patch like stage fright and stage fright 2.

Actually, if you read correctly it was not disclosed to Apple.
Unless someone tells Apple, it cannot be patched.
This is going to be used by clandestine organizations.
 
Actually, if you read correctly it was not disclosed to Apple.
Unless someone tells Apple, it cannot be patched.
This is going to be used by clandestine organizations.
Hopefully Apple will purchase it (directly or indirectly) and take care of it that way.
 
See post #137, immediately before yours.
Apple would need to go through an intermediary.
The company was not interested in disclosing to Apple at this time.
Since they know their customers and I'm sure they will be under NDA, Apple may have a tough time getting their hands on it.

All you need to do is put enough teeth in the contract.
Someone that discloses could find themselves completely broke and unable to collect on any money that Apple would pay.

I'm just going to go grab a bag of popcorn...........
 
  • Like
Reactions: SirCheese
Apple would need to go through an intermediary.
The company was not interested in disclosing to Apple at this time.
Since they know their customers and I'm sure they will be under NDA, Apple may have a tough time getting their hands on it.

All you need to do is put enough teeth in the contract.
Someone that discloses could find themselves completely broke and unable to collect on any money that Apple would pay.

I'm just going to go grab a bag of popcorn...........

Perhaps.

But just for fun, go back and read my post again. Slowly. Carefully.

Really?
 
Apple would need to go through an intermediary.
The company was not interested in disclosing to Apple at this time.
Since they know their customers and I'm sure they will be under NDA, Apple may have a tough time getting their hands on it.

All you need to do is put enough teeth in the contract.
Someone that discloses could find themselves completely broke and unable to collect on any money that Apple would pay.

I'm just going to go grab a bag of popcorn...........
I'm sure it wouldn't be hard to go through some intermediary if needed. That said, while they weren't interested in disclosing the details to Apple, it doesn't mean they wouldn't be interested in selling those same details to Apple.
 
Hmm.

If the exploit will be available commercially to those willing to pay the price, you don't think Apple will manage to secure a copy one way or the other?

Really?

The point i was trying to make is that, without knowing which exploits are used, Apple is going to have a hard time figuring out which holes to plug exactly. I'm not saying that they can't get their hands on the exploit, but if they do then obviously a fix will be out.
 
The point i was trying to make is that, without knowing which exploits are used, Apple is going to have a hard time figuring out which holes to plug exactly. I'm not saying that they can't get their hands on the exploit, but if they do then obviously a fix will be out.

Fair enough. and quite true.
 
That is disgusting.

The first you report an exploit to is the manufacturer of the software OR you open-source it.
Selling to shady people, and that absolutely means the government agencies, not finance companies merely trying to safe their own asses, is exactly what I find despicable, but hey, money doesn't stink, eh?

Good thing the tax dollar paid for that, I'd love to waive around with money I don't own myself as well and backstab people using their investments.

And before anyone tells me about cyber security: I've long stopped buying that.
As long as the system is corrupt and as flawed as it is, I have very little respect for their work. Sorry, if anyone working for these agencies reads this.
I'm not disrespecting you, who might have all the right intentions and love for their country, be it the USA, Canada, ... or in my case Germany, but it's the lies, the breaking the laws, the de-facto unmonitored state of affairs, etc... I don't like.

I don't trust governments or people enough to feel all this warrant to protect me from the relatively low risks of terrorism, much of which is the result of the "developed world's" way of playing, and I feel that is the right term, world politics and economics.

Glassed Silver:mac
 
  • Like
Reactions: Solver
This is probably just the tip of the iceberg. There are likely other exploits like this that just don't get publicized.

The sentence about "government organizations in need of specific and tailored cybersecurity capabilities" is particularly galling. The government's role should be to protect the country from this kind of thing, not to keep it secret and exploit it themselves.
You under some sort of illusion thinking US government is still for , of and by the people? That ended shortly after the end of World War II.
 
  • Like
Reactions: Solver
Why? It's Apple's bug. Someone found a bug Apple doesn't know about. Why should they be required by law to tell Apple about it?

Apple should find their own bug, or, you can find it, and tell Apple about the exploit for free.
It may be time to put up different kind of bounty. One where people that do this **** get bounty on their heads. Kind of bounty that leads to little lead high speed projectiles that won't be stopped by the money, unless they stack it around themselves hiding behind it.
 
  • Like
Reactions: FriendlyMackle
These guys are scum. Selling our privacy and security of millions down the river for personal profit. For many people in dictatorial countries with oppressive regimes, providing exploits to these governments to gain access to iPhones could result in serious consequences – prison, torture, or worse. I don't know how people could sleep at night operating this kind of business.
 
  • Like
Reactions: FriendlyMackle
$1M bucks. Is that too hard to spend for a trillion dollar company?

If Apple was the one organizing that jailbreak event every year or so, theyll make sure the zero day faults weren't in bad hands
 
  • Like
Reactions: korthaj
Apple would need to go through an intermediary.
The company was not interested in disclosing to Apple at this time.
Since they know their customers and I'm sure they will be under NDA, Apple may have a tough time getting their hands on it.

All you need to do is put enough teeth in the contract.
Someone that discloses could find themselves completely broke and unable to collect on any money that Apple would pay.

I'm just going to go grab a bag of popcorn...........
Like it would matter if Apples's shell company goes broke or is sued. Can't collect crapola from empty bucket.
 
I simply do not understand anymore why people would want to open up their phones to hackers. I understand governments are one thing since obviously they can get around iPhone security regardless of jailbreak status but at least we can temporarily comfort ourselves with the promise that our data is being kept hidden in some government data center... Hackers though? Really? People that will sell your data and use your phone/devices as bots? It's just stupid. I can't think of any real practical benefit behind jailbreaking that makes it worthwhile, whether it be on Android of iOS.

Ok, f.lux is an exception that I would REALLY like to see on my iPhone...

While I completely agree with all of your post prior to the quoted area above, I have more to say about it. Think of things this way; think of the Jailbreakers and (some) hackers as people like Snowden. A lot of them just want the freedoms that they feel they deserve, and some are very much so (obviously not all) just in the matter. They work together to provide for the community, and generally don't sell out with their exploits. On the other hand; think of the government as...well, the government (no further negative connotation necessary than that really) - trying to infiltrate our lives and collect hard data on us so that they can run political corruption deeper and deeper into our lives while under the guise of "security".

I get that one may say it's a paranoid way of thinking; but if that becomes closer and closer to the truth, who would you rather trust? I'll take the hackers any day.
 
These guys are scum. Selling our privacy and security of millions down the river for personal profit. For many people in dictatorial countries with oppressive regimes, providing exploits to these governments to gain access to iPhones could result in serious consequences – prison, torture, or worse. I don't know how people could sleep at night operating this kind of business.
Someone need to publish names and home addresses of the people offering bounty, those creating exploit, and those buy it. Let's get something going here exploiting their privacy.
 
  • Like
Reactions: FriendlyMackle
How is that a reasonable table of vulnerabilities? MAC OS X includes all version of OS X, so in that sense all version of Windows should be grouped together in the same manner. That would definitely change the results.

OS-chart.jpg


Or if you don't believe that one goto CVE, they show OS X having 114 for 2014, windows had 38.
2015 is showing OS X with 335!!!! vulnerabilities, where as windows have 135 server, 130 for Win8[/QUOTE]
 
well, at least they *all* are vulnerable....

I gotta hand it to hackers,,, they can now get Jailbreaks done even before public release.... :D
 
It's just disgusting how much disregard there is in this world to recognize peoples privacy. Its like a group of perverts trying to find people that would install peep cams in the bathroom at a girls dormitory. Except I think that the hacking of someones phone is much more nefarious being that someone could actually be harmed by their phone being hacked versus just a peeping tom watching you.
 
So the nice thing that this is happening to apple is they will now patch it in the very next release. If this was found in the root code of android you might never see a patch like stage fright and stage fright 2.

And how are they gonna patch it if they don't know the issue?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.