Google, nice to point out the flaws, how about expose the hackers while you're at it.
 
Presumption being they knew who the hackers were :rolleyes: Are you familiar with what Project Zero does?

Simple answer yes. Suggesting the next step. I would speculate that a good majority of the hackers are rather easy to find, given the vast resources Google has. The very sophisticated well funded ones the challenge. Nice to deliver blows to low hanging fruit. Also points out the degree of ease the flaw has.
 
Simple answer yes. Suggesting the next step. I would speculate that a good majority of the hackers are rather easy to find, given the vast resources Google has. The very sophisticated well funded ones the challenge. Nice to deliver blows to low hanging fruit. Also points out the degree of ease the flaw has.
None of that makes any sense. Google's resources, like the resources of Microsoft, Apple, Facebook, etc., have no correlation to their ability to find hackers. Besides, I'm pretty sure the math says it makes more sense to mitigate the vulnerabilities instead of wasting resources chasing a person or group of people. Even with that being said, there are groups with resources dedicated to finding hackers. Both gov't and private.

Project Zero's mission of finding zero day exploits is beneficial enough.
 
None of that makes any sense. Google's resources, like the resources of Microsoft, Apple, Facebook, etc., have no correlation to their ability to find hackers. Besides, I'm pretty sure the math says it makes more sense to mitigate the vulnerabilities instead of wasting resources chasing a person or group of people. Even with that being said, there are groups with resources dedicated to finding hackers. Both gov't and private.

Project Zero's mission of finding zero day exploits is beneficial enough.

My point, 90 days after the flaw found until public notified. Public and bad guys who know of the flaw are in most cases unaware the flaw has been found. A perfect time to set a trap. If Google cannot do it then turn over the flaw to not only the developer but to those hunting the hackers. Finding the flaw not enough. Need more aggressive actions on holding the hackers accountable. Hackers have this Robin-hood cult following. When they are just criminals.
 
Every hole in their OSes that Apple closes is a victory. It'd be better if these weren't being used as zero days, but that is not the way real life in computer or smartphone OSes works (the bad guys are always finding some exploits to use / sell) - so good that Apple closed these as well. Keep it up Apple.
Wouldn't the victory be if there was no "hole" to begin with? This whole "hey, software is buggy right? but we fixed it" seems like the whole Windows (but you need anti-virus really to use it) nonsense Microsoft found themselves in.
 
I just love when people make suggestions in domains they know nothing about.

Zero Day means that it is an existing vulnerability in a live system. It doesn't mean that there are hackers already exploiting it.

It's like if your neighbor said "I noticed that your upstairs window has a loose piece of glass that could be pried out" and then someone on MR says, "why don't they give you the name of the burglars?" Or even better "why didn't your neighbor set a trap for the burglars?"

Just because a vulnerability exists, doesn't mean anyone has actually exploited it. And it's not Google's job to hunt down criminals.
 
Ambiguous headline. Exploited prior to the patch. Whew.
Wouldn't the victory be if there was no "hole" to begin with? This whole "hey, software is buggy right? but we fixed it" seems like the whole Windows (but you need anti-virus really to use it) nonsense Microsoft found themselves in.
No such thing as a modern, robust OS with no holes. You’re talking about pie in the sky and an unrealistic standard.
 
Contrary to popular belief, iOS is obviously more bug ridden than Android due to its closed proprietary nature.

That even a 14-year-old kid can discover one major zero day bug is a telltale sign.
 
This is why people should seriously consider upgrading to the newest iOS as long as performance is not severely impacted. Anyone on an iOS 12-compatible device should already be on it. Staying on an older iOS *just* for performance reasons is asking to be exploited - there are plenty of vulnerabilities that aren't even known or published.
 
Ambiguous headline. Exploited prior to the patch. Whew.
No such thing as a modern, robust OS with no holes. You’re talking about pie in the sky and an unrealistic standard.
Well the OP was implying we should be thankful Apple gets round to fixing things. Your mentality seems to be modern OSs are inherently broken and therefore we should be thankful for what we've got (BTW heard of any day-1 Linux flaws lately?)
 
And Google has patched it and notified Android manufacturers months ago before releasing the information.

If your phone hasn't been patched, don't blame Google, call your Android phone manufacturer, so there is no need for Google to "drive attention" from the exploit. Google has fixed it.

I don't get your point here.
iOS patched these two exploits and all iOS devices can receive the update now.
Android patched, but updates aren't available for all devices yet.

You're saying it's fine if Google points out those iOS already-fixed exploits, but I can't point out Google's exploits?

You sound very hypocritical right now.
 
Google, nice to point out the flaws, how about expose the hackers while you're at it.
They work with law enforcement when it is warranted but the project is not designed to "expose" hackers. They focus their time on finding flaws and working with companies on patching them.
 
Well the OP was implying we should be thankful Apple gets round to fixing things. Your mentality seems to be modern OSs are inherently broken and therefore we should be thankful for what we've got (BTW heard of any day-1 Linux flaws lately?)
Lately? No. Ever? Of course.

And you’ve got my mentality wrong. I’m just saying that it’s folly to expect macOS, or Windows, or Major Linux flavors for that matter, to be delivered with no security flaws at all, nor is it a bad sign for the dev entity that there are ever any.
 
I don't think Apple looks bad at all. Project Zero is just good at what they do. I'm glad they are. As long as the exploits are found and fixed, generally speaking, I don't think anyone cares who found them. Apple would only look bad if they got news of an exploit, let it hit the 90 day window without action, and PZ disclosed. 'Til that happens...

So if Project Zero is good at what they do, that would imply that Apple's software team QA has a lot of issues if they themselves cannot identify these problems

FaceTime call bug should have been easily found before it was rolled out!!

Apple is really dropping the ball more and more
 
So if Project Zero is good at what they do, that would imply that Apple's software team QA has a lot of issues if they themselves cannot identify these problems

FaceTime call bug should have been easily found before it was rolled out!!

Apple is really dropping the ball more and more
I don't agree. Project Zero is good at what they do because it's all they do - search for zero day exploits in all OSes. That's not implication against Apple's software team QA. There hasn't ever, isn't now, nor will there ever be perfect software.

To say the FT bug should have been easily found suggests a naivete regarding software development. I agree Apple has deficiencies. So does every company. But to say Apple having a bug in its software is an indicator of anything greater is kinda silly. There are far better examples of problems at Apple than software having a bug. Software is always going to have bugs.
 
I’m more interested in the vulnerability the Saudis exploited where all they had to do was send a text to p0wn the iPhone of dissidents, a text you didn’t need to open, one without an attachment or bad link. I’ve heard very little about that other than the day it was revealed to have happened.
You're thinking of NSO who developed spyware used by the Saudis.
 
I don't agree. Project Zero is good at what they do because it's all they do - search for zero day exploits in all OSes. That's not implication against Apple's software team QA. There hasn't ever, isn't now, nor will there ever be perfect software.

To say the FT bug should have been easily found suggests a naivete regarding software development. I agree Apple has deficiencies. So does every company. But to say Apple having a bug in its software is an indicator of anything greater is kinda silly. There are far better examples of problems at Apple than software having a bug. Software is always going to have bugs.

Then stop with the iPhone is above the rest with security and privacy. Apple is just no better than others. Thinking otherwise just opens yourself up to complacency and false sense of security...which is sad to say applies to proportionally far more iPhone users (than Android users)
 
Then stop with the iPhone is above the rest with security and privacy. Apple is just no better than others. Thinking otherwise just opens yourself up to complacency and false sense of security...which is sad to say applies to proportionally far more iPhone users (than Android users)
I'm guessing you're speaking in general terms, because iPhone is above the rest is a phrase that I've never spoken in my life. It's also a sentiment I've never espoused. iOS vs Android is some fanboy nonsense I don't even acknowledge.
 
Contrary to popular belief, iOS is obviously more bug ridden than Android due to its closed proprietary nature.

That even a 14-year-old kid can discover one major zero day bug is a telltale sign.

Right. Oh sorry, Android is a set of tool kits on top of Linux which is rock solid, zero defects. /s

Linux is nothing but a constant work-in-progress, often ten steps backwards, two steps forward, rehash, break, break, break--it's free, break, break, fix, new exploits, repeat and rinse.

Just one of hundreds of common security updates in the world of Linux.

https://www.debian.org/security/
 
Then stop with the iPhone is above the rest with security and privacy. Apple is just no better than others. Thinking otherwise just opens yourself up to complacency and false sense of security...which is sad to say applies to proportionally far more iPhone users (than Android users)
There's what someone strives for and what goes into products/services and then there are bugs and issues--apples and oranges, as they say.
Someone needs to reboot their sarcasm detector.
Doesn't really seem like it works as sarcasm either.
 
Just to be clear, these are OS related security holes and not hardware security issues like the SEP being hacked or anything like that. OSs are never 100% secure so even though this is not good, it's not surprising. It's good we have these researchers looking for vulnerabilities. No one is breaking SEP though.
 