Google Outlines iPhone Vulnerabilities That Let Malicious Websites Steal User Data for Years, Now Fixed

[realtuner]

Ah so they are just "allowing people to use services that they'll probably use anyway" (in exchange for a $9-12 billion annual fee)

When Apple takes the fee from Google they are indirectly profiting from Googles ad business.

Of course Apple is profiting off Googles ad business. That doesn't mean Apple is selling my data for money or careless about my privacy.

Again, they are not mutually exclusive.

 

[Rob_2811]

Of course Apple is profiting off Googles ad business. That doesn't mean Apple is selling my data for money or careless about my privacy.

Again, they are not mutually exclusive.

No they are just taking the cash of those that do which is fine just as long as they are being hypocrites about it.

They gave up their right to act all outraged about it when they pocketed their cut imo.

 

[NickName99]

So this was something reported to Apple way back in February, and Apple released an iOS update to fix it that month? By now pretty much every iPhone and iPad is long since patched.

The timing seems odd. Is Google bringing this old news up to distract from all the malware reports coming out this month regarding Android? Or to try to undermine the release of iPhone 11 in a couple weeks? Maybe both?

 

[Expos of 1969]

No, that's cool, I just found it interesting. It's also interesting that you continue to lurk here even though you hate Apple so much. I, for example, abhor Google so I don't use any Google products, there are plenty of better alternatives out there IMO. But I also don't go to Google and Android forums just to express my disgust with them and then tell people it's "none of your business" when they question me about it. But I've never really been a petty person so I perhaps that sort of behavior is difficult for me to understand.

You claim to not be petty. I disagree but "that's cool". You may wish to brush up on your definition of "lurk". I do not hide here waiting to pounce. I am very open in my participation on this forum. Have a great weekend.

 

[rgbrock1]

Not your business but I have not purchased an Apple product in almost two years. This being the period in my opinion that they have lost the plot and turned into something very different and objectionable to many long time customers. You may feel differently and that is fine.

iPad 6th gen (2018). You haven't purchased an Apple product in almost 2 years? If you have the iPad listed in your signature, that iPad was purchased last year, no?
[doublepost=1567186819][/doublepost]

The real question. Why has the industry as a whole, repeatedly embraced web technology that compromises browsers. Spotlight the advertising dollars, the surveillance big data economy, and the media platforms that are driving the industry. Make browsers simple and secure. Make the website technology adapt to providing desirable content under secure private conditions.

There IS indeed a very secure browser. The Tor browser. Runs on Linux, macOS and Windows.

 

[mdriftmeyer]

In short, this is the FOSS SQlite database that has been incorporated into nearly every major OS that was hacked. I imagine the fixes helped all platforms with those upstreamed changes.

 

[ignatius345]

So Apple has known about this, but they decided to move forward anyway and double down on “Privacy” as a key marketing point?

You get that privacy and security are two separate things, yeah? Because it sounds like you have the two confused.

 

[neutralguy]

So Apple has known about this, but they decided to move forward anyway and double down on “Privacy” as a key marketing point?

Maybe because Apple knows the apple fans treat Apple management as God?

 

[Dave.UK]

What they don't tell you is the vulnerability only affected apps made by a company named Alphabet Inc.

The sites that infected iPhones were web sites that the majority of iPhone users never visit. IE: pr0n sites.

Do only nuns and monls purchase iPhones then?!

 

[bkaus]

I have to agree with those asking about the identity of the known malicious sites, as well as a simple request for the url of a fix. How about publishing the legitimate address where an iPhone user, (perhaps a user that bought one second hand), can log in and ensure that the operating system is clean and up-to-date.

the hack does not survive a reboot.

so every phone is clean after a reboot.

software -> system update

and you know your device is fixed.

 

[Rob_2811]

You get that privacy and security are two separate things, yeah? Because it sounds like you have the two confused.

Not really ,certainly not in this case. Not sure why people keep trotting this out and then telling people that they don't understand.

This Security vulnerability allowed a monitoring agent to track the users message, photo, and location data in real time. Clearly that is also a privacy issue.

 

[realtuner]

No they are just taking the cash of those that do which is fine just as long as they are being hypocrites about it.

They gave up their right to act all outraged about it when they pocketed their cut imo.

There's no hypocrisy. Apple can talk about privacy all they want since they are light years ahead of Google (along with security).

 

[rafark]

The sites that infected iPhones were web sites that the majority of iPhone users never visit. IE: pr0n sites.

is this sarcasm?

 

[Rob_2811]

There's no hypocrisy. Apple can talk about privacy all they want since they are light years ahead of Google (along with security).

In your opinion. For me Tim Cook is a huge hypocrite.

 

[MyopicPaideia]

Wow, dealing with you is certainly frustrating. Your response to questions is often "Source" or "Logical fallacy" or some similar nonsense. Google does not put huge billboards on buildings or put up slides during their keynote presentations stating that PRIVACY is so important to them and they really focus on it. But your beloved Apple does so my question is a very sound question to which you have no concrete response. I never said that Google values security highly but Apple certainly states publicly that it does. Therefore, you should be able to answer my question quite easily but obviously Apple and its actions does not provide you with credible information to do so.

No problem. But it would be easier and more honest if you just said that you cannot answer the question rather than stating "Logical fallacy. I could ask you..."

Ok, well I don’t understand your point. Are you saying that a company can’t honestly believe in privacy and security if they have a bug in their code that somebody else discovered? Is that really your statement? A security flaw is found by a third party, and when notified, Apple pushes out a fix only 6 days later to 90% of its installation base (those on the latest version of the OS). Is there another platform that performs better than this?

 

[realtuner]

In your opinion. For me Tim Cook is a huge hypocrite.

Fine. You continue to believe in fairy tales with no facts to back your claims while the rest of us will look at this objectively based on evidence.
[doublepost=1567188403][/doublepost]

Not really ,certainly not in this case. Not sure why people keep trotting this out and then telling people that they don't understand.

This Security vulnerability allowed a monitoring agent to track the users message, photo, and location data in real time. Clearly that is also a privacy issue.

No. @ignatius345 is correct.

A bank can claim they care about keeping customers valuables secure in their safety deposit boxes/vault. A group of highly trained, well armed criminals hit the bank and steal numerous valuables from the safety deposit boxes.

Criminals robbing the bank doesn't change the "mission statement" of the bank where they talk about keeping your valuables safe. The same way a bug found in a piece of software doesn't change Apples core values about privacy.

 

[Rob_2811]

Fine. You continue to believe in fairy tales with no facts to back your claims while the rest of us will look at this objectively based on evidence.
[doublepost=1567188403][/doublepost]

No. @ignatius345 is correct.

A bank can claim they care about keeping customers valuables secure in their safety deposit boxes/vault. A group of highly trained, well armed criminals hit the bank and steal numerous valuables from the safety deposit boxes.

Criminals robbing the bank doesn't change the "mission statement" of the bank where they talk about keeping your valuables safe. The same way a bug found in a piece of software doesn't change Apples core values about privacy.

What if the the bank were taking cash from the criminals while trying to claim they care about keeping customers valuables secure?

 

[bkaus]

not defending: seems that they were not very popular sites if only 1000's visited per week. And I suspect the attack required "permission" from the visitor since every attack was not successful. Not sure how big the issue truly is considering the iPhone installed user base.

Probably sites called -

Powergridnews.com
Latest banking.com
Democratsonly.com
Republicansonly.com

knowing the site names would tell a whole lot about the targets. Probably pretty focused.

 

[FamVR]

The exploit has been around for two years!

Also your solution is not possible for users of older devices ie iphone 6 and below who can't update to latest ios.

True. Older versions of iOS - read any OS - may be vulnerable to certain well known security bugs, but that’s just how it is. This is nothing new and isn’t limited to Apple. And by using older devices, from whatever brand, you simple have to accept some issues. The good thing is that by taking down malicious websites, you still have some sort of protection. Be it very limited.

 

[johannnn]

So Apple employees did not find these bugs but Google employees did?

Yep.

 

[I7guy]

In your opinion. For me Tim Cook is a huge hypocrite.

And for me he’s a fantastic person that attempts to move humankind forward. Of course, YMMV.

 

[falainber]

It’s absolutely an Android problem because of A) how they vet and approve Apps and B) the underlying architecture of Android and things they allow that iOS (Apple) restricts.

As I said, without access to source code proper vetting is impossible. Android is indeed less restrictive than iOS which potentially leaves more space for bad actors but this is a deliberate tradeoff between security and functionality. Apple restrict functionality. Google, having higher caliber software developers and security experts than Apple, perhaps believe that they can provide security without draconian restrictions on app functionality.
[doublepost=1567192470][/doublepost]

Yes, iOS was insecure for 2 years for those users who like to frequent certain porn sites.

Would not that be most of iOS users?

 

[realtuner]

As I said, without access to source code proper vetting is impossible. Android is indeed less restrictive than iOS which potentially leaves more space for bad actors but this is a deliberate tradeoff between security and functionality. Apple restrict functionality. Google, having higher caliber software developers and security experts than Apple, perhaps believe that they can provide security without draconian restrictions on app functionality.

Bull. Where's your proof for the ridiculous statement that Google has "higher caliber software developers and security experts than Apple"?

Based on all the Apps/malware that sneak into Google Play, the fact Google can't even develop a good messaging system (after half a dozen tries) or can't figure out a way to update all Android devices after years of failed attempts (just a couple quick examples) I'd call that claim a straight up lie.

 

[falainber]

So this was something reported to Apple way back in February, and Apple released an iOS update to fix it that month? By now pretty much every iPhone and iPad is long since patched.

The timing seems odd. Is Google bringing this old news up to distract from all the malware reports coming out this month regarding Android? Or to try to undermine the release of iPhone 11 in a couple weeks? Maybe both?

Or maybe they are not a news organization that is in a business of publishing frequent reports? Or they decided to wait until most iOS users would have updated to the fixed version of iOS? Who knows. One thing is clear, some MR members would not be happy about this report no matter when Google decides to publish it.

 

[I7guy]

As I said, without access to source code proper vetting is impossible. Android is indeed less restrictive than iOS which potentially leaves more space for bad actors but this is a deliberate tradeoff between security and functionality. Apple restrict functionality. Google, having higher caliber software developers and security experts than Apple, perhaps believe that they can provide security without draconian restrictions on app functionality.
[doublepost=1567192470][/doublepost]
Would not that be most of iOS users?

There is no doubt there is an advantage to proprietary software, ask Microsoft.

hiwever do you have proof google has “a higher caliber” of software developer than Apple, or is it just hyperbole?