Google Researchers Say Hackers Exploited Two Zero-Day Vulnerabilities Patched in Apple's iOS 12.1.4 Update

Discussion in 'iOS Blog Discussion' started by MacRumors, Feb 8, 2019.

  1. bstpierre macrumors 6502a

    Joined:
    Mar 28, 2008
    #26
    Do you feel they added too many new features in iOS 12? :)
     
  2. npmacuser5 macrumors 65816

    npmacuser5

    Joined:
    Apr 10, 2015
    #27
    Google, nice to point out the flaws, how about expose the hackers while your at it.
     
  3. 69Mustang macrumors 603

    69Mustang

    Joined:
    Jan 7, 2014
    Location:
    In between a rock and a hard place
    #28
    Presumption being they knew who the hacker were:rolleyes: Are you familiar with what Project Zero does?
     
  4. npmacuser5 macrumors 65816

    npmacuser5

    Joined:
    Apr 10, 2015
    #29
    Simple answer yes. Suggesting the next step. I would speculate that a good majority of the hackers are rather easy to find, given the vast resources Google has. The very sophisticated well funded ones the challenge. Nice to deliver blows to low hanging fruit. Also points out the degree of ease the flaw has.
     
  5. 69Mustang macrumors 603

    69Mustang

    Joined:
    Jan 7, 2014
    Location:
    In between a rock and a hard place
    #30
    None of that makes any sense. Google's resources, like the resource of Microsoft, Apple, Facebook, etc. have no correlation to their ability to find hackers. Besides, I'm pretty sure the math says it makes more sense to mitigate the vulnerabilities instead of wasting resources chasing a person or group of people. Even with that being said, there are groups with resources dedicated to finding hackers. Both gov't and private.

    Project Zero's mission of finding zero day exploits is beneficial enough.
     
  6. npmacuser5 macrumors 65816

    npmacuser5

    Joined:
    Apr 10, 2015
    #31
    My point, 90 days after the flaw found until public notified. Public and bad guys who know of the flaw are in most cases unaware the flaw has been found. A perfect time to set a trap. If Google cannot do it then turn over the flaw to not only the developer but to those hunting the hackers. Finding the flaw not enough. Need more aggressive actions on holding the hackers accountable. Hackers have this Robin-hood cult following. When they are just criminals.
     
  7. WatchFromAfar macrumors 65816

    WatchFromAfar

    Joined:
    Jan 26, 2017
    #32
    Wouldn't the victory be if there was no "hole" to begin with? This whole "hey, software is buggy right?' but we fixed it" seems like the whole Windows (but you need anti-virus really to use it) non-sense Microsoft found themselves in.
     
  8. Nunyabinez macrumors 68000

    Nunyabinez

    Joined:
    Apr 27, 2010
    Location:
    Provo, UT
    #33
    I just love when people make suggestions in domains they know nothing about.

    Zero Day means that it is an existing vulnerability in a live system. It doesn't mean that there are hackers already exploiting it.

    It's like if your neighbor said "I noticed that your upstairs window has a loose piece of glass that could be pried out" and then someone on MR says, "why don't they give you the name of the burglars?" Or even better "why didn't your neighbor set a trap for the burglars?"

    Just because a vulnerability exists, doesn't mean anyone has actually exploited it. And it's not Google's job to hunt down criminals.
     
  9. Kabeyun macrumors 68000

    Kabeyun

    Joined:
    Mar 27, 2004
    Location:
    Eastern USA
    #34
    Ambiguous headline. Exploited prior to the patch. Whew.
    --- Post Merged, Feb 8, 2019 ---
    No such thing as a modern, robust OS with no holes. You’re talking about pie in the sky and an unrealistic standard.
     
  10. pat500000 macrumors G3

    pat500000

    Joined:
    Jun 3, 2015
  11. mib1800 macrumors 68030

    Joined:
    Sep 16, 2012
    #36
    Contrary to popular believe, iOS is obviously more bug ridden than Android due to its closed proprietary nature.

    Even 14 years old kid can discover one major zero day bug is a telltale sign.
     
  12. geekon2wheels macrumors newbie

    geekon2wheels

    Joined:
    Oct 19, 2011
    Location:
    San Francisco Bay Area, California
    #37
    This is why people should seriously consider upgrading to the newest iOS as long as performance is not severely impacted. Anyone on an iOS 12-compatible device should already be on it. Staying on an older iOS *just* for performance reasons is asking to be exploited - there are plenty of vulnerabilities that aren't even known or published.
     
  13. WatchFromAfar macrumors 65816

    WatchFromAfar

    Joined:
    Jan 26, 2017
    #38
    Well the OP was implying we should be thankfull Apple gets round to fixing things. Your mentality seems to be modern OSs are inherently broken and therefore we should be thankful for what we've got (BTW heard of any day-1 Linux flaws lately?)
     
  14. farewelwilliams, Feb 8, 2019
    Last edited: Feb 8, 2019

    farewelwilliams macrumors 68000

    Joined:
    Jun 18, 2014
    #39
    i don't get your point here.
    iOS patched these two exploits and all iOS devices can receive the update now.
    Android patched, but updates aren't available for all devices yet.

    you're saying, it's fine if Google points out those iOS already-fixed exploits, but i can't point out Google's exploits?

    you sound very hypocritical right now.
     
  15. dampfnudel macrumors 68030

    Joined:
    Aug 14, 2010
    Location:
    Brooklyn, NY
    #40
    Someone needs to reboot their sarcasm detector.
     
  16. bozzykid macrumors 68020

    Joined:
    Aug 11, 2009
    #41
    They work with law enforcement when it is warranted but the project is not designed to "expose" hackers. They focus their time on finding flaws and working with companies on patching them.
     
  17. Kabeyun macrumors 68000

    Kabeyun

    Joined:
    Mar 27, 2004
    Location:
    Eastern USA
    #42
    Lately? No. Ever? Of course.

    And you’ve got my mentality wrong. I’m just saying that it’s folly to expect macOS, or Windows, or Major Linux flavors for that matter, to be delivered with no security flaws at all, nor is it a bad sign for the dev entity that there are ever any.
     
  18. zulkiflim macrumors regular

    zulkiflim

    Joined:
    Jan 6, 2008
    Location:
    Singapore
    #43
    So if Project Zero is good at what they do would imply that Apple software team QA have a lot of issue if they themselves cannot identify these problems

    FaceTime cal bug should have have been easily found before it was rolled out !!

    Apple is really dropping the ball more and more
     
  19. 69Mustang macrumors 603

    69Mustang

    Joined:
    Jan 7, 2014
    Location:
    In between a rock and a hard place
    #44
    I don't agree. Project Zero is good at what they do because it's all they do - search for zero day exploits in all OSes. That's not implication against Apple's software team QA. There hasn't ever, isn't now, nor will there ever be perfect software.

    To say the FT bug should have been easily found suggests a naivete regarding software development. I agree Apple has deficiencies. So does every company. But to say Apple having a bug in it's software is an indicator of anything greater is kinda silly. There are far better examples of problems at Apple than software having a bug. Software is always going to have bugs.
     
  20. Zenithal macrumors 604

    Joined:
    Sep 10, 2009
    #45
    You're thinking of NSO who developed spyware used by the Saudis.
     
  21. mib1800 macrumors 68030

    Joined:
    Sep 16, 2012
    #46
    Then stop with the iPhone is above the rest with security and privacy. Apple is just no better than others. Thinking otherwise just opens yourself up to complacency and false sense of security...which is sad to say applies proportionally far more iPhone users (than Android users)
     
  22. 69Mustang macrumors 603

    69Mustang

    Joined:
    Jan 7, 2014
    Location:
    In between a rock and a hard place
    #47
    I'm guessing you're speaking in general terms, because iPhone is above the rest is a phrase that I've never spoken in my life. It's also a sentiment I've never espoused. iOS vs Android is some fanboy nonsense I don't even acknowledge.
     
  23. mdriftmeyer macrumors 68030

    mdriftmeyer

    Joined:
    Feb 2, 2004
    Location:
    Pacific Northwest
    #48
    Right. Oh sorry, Android is a set of tool kits on top of Linux which is rock solid, zero defects. /s

    Linux is nothing but a constant work-in-progress, often ten steps backwards, two steps forward, rehash, break, break, break--it's free, break, break, fix, new exploits, repeat and rinse.

    Just one of hundreds of common security updates in the world of Linux.

    https://www.debian.org/security/
     
  24. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #49
    There's what someone strives for and what goes into products/services and then there are bugs and issues--apples and oranges, as they say.
    --- Post Merged, Feb 10, 2019 at 9:10 PM ---
    Doesn't really seem like it works as sarcasm either.
     
  25. patent10021 macrumors 68030

    patent10021

    Joined:
    Apr 23, 2004
    #50
    Just to be clear, these are OS related security holes and not hardware security issues like the SEP being hacked or anything like that. OSs are never 100% secure so even though this is not good, it's not surprising. It's good we have these researches looking for vulnerabilities. No one is breaking SEP though.
     

Share This Page