Depends what kind of security you're talking about. Security against receiving unwanted messages, maybe. I've never used Signal, so idk. Btw, iMessage is supposedly end-to-end encrypted with a key Apple never holds, but there's no reason to believe the claim.
"cannot be rendered properly", okay, fine, misteaks hapen soemtimes. But "leads to system crashing"? Really? For like the fourth time? No! Go through this code and make it stop making assumptions, and sanity check the inputs. At best it should be displaying an empty black frame to indicate "there's one or more characters here that I can't decode or figure out how to display". But it feels like they're putting additional band-aids on a library to fix specific bugs found, rather than saying, "displaying Unicode is crashing the OS a second time? We need a team to audit the entire library." This is like what Microsoft was doing with Win98 and security, "oh, someone found a way in? let's patch that one way in" (rinse/repeat one thousand times).this particular Unicode string cannot be rendered properly and leads to system crashing.
It's probably the layout of one or more characters cascading to improper layouts of other things, causing a crash. I don't know why they can't catch this, but I would assume the iOS and Android devs aren't incompetent. Text layout with full accessibility and other support is complicated."cannot be rendered properly", okay, fine, misteaks hapen soemtimes. But "leads to system crashing"? Really? For like the fourth time? No! Go through this code and make it stop making assumptions, and sanity check the inputs. At best it should be displaying an empty black frame to indicate "there's one or more characters here that I can't decode or figure out how to display". But it feels like they're putting additional band-aids on a library to fix specific bugs found, rather than saying, "displaying Unicode is crashing the OS a second time? We need a team to audit the entire library." This is like what Microsoft was doing with Win98 and security, "oh, someone found a way in? let's patch that one way in" (rinse/repeat one thousand times).
That doesn't fix this problem. It also would not allow me to message anyone I know in real life, lol.Better solution = use signal and delete any non-private messaging app
Well that doesn't matter here. It's about getting malicious messages. If anything, privacy guarantees make that harder to enforce.The security of no one else being capable of reading your messages. Unlike iMessage, everyone can check Signal's source code for proof.
To my understanding, you are correct about this being caused by thousands of control characters with a width of zeroSo, if this is the same issue as the Android one, then it's not like the Telugu bug, which was a legitimate character string that was failing, but something designed deliberately to crash a renderer by embedding thousands of control characters within a message. But, if that's the case and that you can't crash messages by simply sending a black spot and a pointing emoji to someone, then how does it propagate?
According to the artice it affects Android as well.
Maybe we shall throw all smartphones out the window?
I’m pretty sure it doesn’t compete with Signal from a security standpoint.
You first!According to the artice it affects Android as well.
Maybe we shall throw all smartphones out the window?
Signal has its own problems. See the thread above.
How so? iMessage is totally encrypted and tokenized. Add the fact that it's already integrated into every iOS device and auto-sends as SMS when the receiver needs it, I don't see how anything else could possibly be better. Any service that requires me to ask someone to download the app so I can message them isn't worth using IMO.I’m pretty sure it doesn’t compete with Signal from a security standpoint.
Maybe an easier solution: Delete the actual message from Messages on your Mac.
How so? iMessage is totally encrypted and tokenized. Add the fact that it's already integrated into every iOS device and auto-sends as SMS when the receiver needs it, I don't see how anything else could possibly be better. Any service that requires me to ask someone to download the app so I can message them isn't worth using IMO.
I’m pretty sure it doesn’t compete with Signal from a security standpoint.
How so? iMessage is totally encrypted and tokenized. Add the fact that it's already integrated into every iOS device and auto-sends as SMS when the receiver needs it, I don't see how anything else could possibly be better. Any service that requires me to ask someone to download the app so I can message them isn't worth using IMO.
Until we get iMessage in the cloud, deleting a conversation on one device leaves it intact on the others.Maybe an easier solution: Delete the actual message from Messages on your Mac.
You do realize that iMessage has end-to-end encryption, right?Better solution = use signal and delete any non-private messaging app
Alternative facts and sensationalism, as they say.Hangouts, at least on Android, has never been affected by these frequent iMessage vulnerabilities. You'd think people would stop using iMessage and switch to something else after the first infection or first few infections like with STDs.
It's crazy how iOS 11 even affects Android....and another issue with iOS 11!
This is getting a little ridiculous. We will have another patch coming up in the next couple days probably and then next week most likely iOS 11.4. Obviously they might just combine the patch into iOS 11.4, but still...this is getting crazy.
iPhone 5 with iOS 6 here...immune to any and all of these issues hahaiPhone 4 with iOS 7 here, immune to this problem.
But not some others.iPhone 5 with iOS 6 here...immune to any and all of these issues haha
iPhone 5 with iOS 6 here...immune to any and all of these issues haha
Oh, give me a break... if we're just going to say "well I don't believe them" then this entire conversation is pointless. Until Apple shows me otherwise, I believe them when they say it's tokenized. They have never given me any reason to assume otherwise, especially when they don't make their money on data mining. Facebook, on the other hand, has given us a LOT of reasons to distrust them and makes all of their money on data mining.Yeah, that’s what they tell you. (Facebook tells us the same thing about WhatsApp btw, now would you trust them?) It’s closed sourced so no one knows what’s in the code. Signal on the other hand though is open source and anyone can check exactly how it works.
It doesn't affect stock messaging apps or Google messaging apps on Android (I just tried it on my Note 8), only WhatsApp appears to be impacted on Android at this point.According to the artice it affects Android as well.
Maybe we shall throw all smartphones out the window?