Seriously, has anyone ever been attacked by these vulnerabilities? I keep hearing about them on updates, but people seem to run years outdated software just fine. I am not saying this is bad, just wondering if these vulnerabilities are all that serious.
No way to know for sure, unless someone goes public about being exploited. I would rather stay up to date even if the chance is remote, than get complacent and possibly pay a big price down the line.
 
I wonder if these holes are in iOS 12; lots of iPhone 6 users still out there, like my mom.

If it’s present in iOS 12, chances are Apple will patch it - they seem to be supporting the most recent iOS and one before it (iOS 13 doesn’t count as all iOS 13 devices can upgrade to 14).
On another thread touching upon “planned obsolescence” I went on a legacy iPad Air I still use to check for updates. They do keep them quite up to date, mine was updated in December and there was a new one already:
[Attached image]

Seriously, has anyone ever been attacked by these vulnerabilities? I keep hearing about them on updates, but people seem to run years outdated software just fine. I am not saying this is bad, just wondering if these vulnerabilities are all that serious.
I think that for the ideal hack or exploit, you would never know. Most silent activities will probably be collecting your email, phone number, also those of your contacts, reconstructing your SSN, selling that info, getting tax credits or enquiries, etc.
Some might be able to reconstruct credit card numbers, make tiny purchases, those that make you wonder “when did I buy this $3 thing?”, they might even do it on the same supermarkets found in account statements, etc.

I’m always paranoid when I don’t recognize a posted charge, it has happened twice in my lifetime where the bank calls me to enquire about a couple last transactions to confirm if I did them; if I didn’t, card number is compromised and blocked. They have super clever ways to detect this though because myself I was confused about those charges and they were quite confident that it might not have been me.

However it is my understanding that at least in the banks' case, it tends to be originated from the inside... some corrupt person, a disgruntled employee, legit human error mistake or a downright sneaky attack on their servers.
 
Remember updating to that abortion OS called Catalina???
No, can’t recall that I do. Since Apple releases security updates for the past two macOS versions in addition to the current one, I stayed on Mojave until Big Sur came out.

However, if security fixes weren’t available for Mojave, I would have endured Catalina’s bugs in order to stay up to date.
 
Kudos for Apple/iOS - my iOS iPad Mini 2 (2014!) has an update from 12. to 12.5.1. Take THAT Android. LOL. This is sort of a trusty (wifi only) backup when traveling and the basics - web, email, text, even iMovie : ), cloud services. MSOFFICE - slowing down but still kicking'. And just like on my up to date phone, this update takes unusually long to install.
 
but people seem to run years outdated software just fine.
RUNNING just fine? Sure. Are they exposed to potential exploits? Yes. Does it matter? It ONLY matters if they’re attacked. Some people seem to leave their house keys under their doormats just fine, but it’s only fine until someone checks under their doormat.
 
Seriously, has anyone ever been attacked by these vulnerabilities? I keep hearing about them on updates, but people seem to run years outdated software just fine. I am not saying this is bad, just wondering if these vulnerabilities are all that serious.
Real hackers never let you know your phone was hacked.

If you're interested, you can check out Google Project Zero's blog for real cases here.
 
And this, folks, is why one should always stay up to date.
It's a tradeoff either way: don't update immediately and you expose yourself to security vulnerabilities. Update immediately and you have to deal with whatever bugs slipped in.
 
Seriously, has anyone ever been attacked by these vulnerabilities? I keep hearing about them on updates, but people seem to run years outdated software just fine. I am not saying this is bad, just wondering if these vulnerabilities are all that serious.

Real-world attacks aren't normally done in a manner that will tell you you've been attacked. Ransomware is an exception, and pretty much the only one that tells you "you've been hacked".
After that, it's hoping malicious software scans pick up something - but anyone competent will already have verified that their code doesn't trigger those detections. Once they do, those attacks stop being used because you do not want to tip off your target that you are trying to break in.

Some attacks are after information on your device. Whether that's passwords, bank account details, or confidential information on the upcoming iPhone. So they harvest that, and stay quiet. Some attackers will even purge themselves from your system once they're done.

But many also use your device as a staging ground for attacks against other systems. Systems that may otherwise be inaccessible.
Note: Those systems don't have to be of the same type. An iOS device could be used to gain access to an internal Linux or Windows server, or the control software of a Nuclear plant.
 
Kudos for Apple/iOS - my iOS iPad Mini 2 (2014!) has an update from 12. to 12.5.1. Take THAT Android. LOL.

Don't be silly. Android devices get browser updates through app store like MacOS and not backwards way through OS updates. They're laughing at you that you have to wait for an OS update to update your browser and have to reboot your device. LOL
 
Obviously. But these two were zero-day vulnerabilities.
This just means that the vulnerability was discovered by a researcher..... it is no worse than an unknown vulnerability which is exploited by an attacker......

People always panic at the word zero-day and usually those people are non-technical. Now if the vulnerability were being exploited en masse (e.g. via text message, etc.) or was wormable it would be a bigger issue.
As is custom, however, Apple did not go into detail about how the bugs are being used in attacks, as it doesn’t typically reveal this type of info until most of the affected devices are patched. --threatpost
We have to rely on Apple being honest and being exploited in the wild could literally be the fact that the researcher discovered it. Apple is no more honest than Google or Microsoft, their bottom line is what matters. But on the plus side, the fact that they care about security when it becomes known is a plus.... versus some companies never patching [looking at every Android phone vendor].
 
This just means that the vulnerability was discovered by a researcher..... it is no worse than an unknown vulnerability which is exploited by an attacker......
Until recently that's exactly what it was. We don't know yet for how long it has potentially been exploited before it was discovered. It's the worst kind of vulnerability.

People always panic at the word zero-day and usually those people are non-technical. Now if the vulnerability were being exploited en masse (e.g. via text message, etc.)
We don't know how widely it was exploited either.

We have to rely on Apple being honest and being exploited in the wild could literally be the fact that the researcher discovered it.
No.
 
Until recently that's exactly what it was. We don't know yet for how long it has potentially been exploited before it was discovered. It's the worst kind of vulnerability.


We don't know how widely it was exploited either.


No.
Please explain "no".

We literally have to believe Apple that it is being exploited in the wild since they aren't providing any further information other than "it's being exploited in the wild."
 
Please explain "no".

We literally have to believe Apple that it is being exploited in the wild since they aren't providing any further information other than "it's being exploited in the wild."
A researcher discovering a vulnerability is not an active exploit. We will soon get more details.
 