Yeah this should have been published sooner. Instead Apple sat on in until they started forcing people to upgrade from iOS 14. Almost seems like this is Apple's way of trying to convince people to make the upgrade.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iOS 15 Patched Security Hole That Potentially Exposed Users' Private Apple ID Information to Third-Party Apps
- Thread starter MacRumors
- Start date
- Sort by reaction score
An early version was found hidden in iOS 14.3 and reverse engineered by somebody who must be pretty smart.
NeuralHash code found in iOS 14.3, Apple: not the one we’ll use for CSAM Photo Scanning
Apple previewed the CSAM detection system for iOS, iPadOS, and macOS earlier…
pocketnow.com
Once the hacker community gets a good look at this, all bets are off.
One question that I’ve never seen answered: how is Apple going to stop this from being turned into a surveillance tool when a government says “Use this database and send the matches to this address, or you can’t sell your phone here.”
The code is there but Apple said it isn't the one they're going to use for scanning in Photos.An early version was found hidden in iOS 14.3 and reverse engineered by somebody who must be pretty smart.
NeuralHash code found in iOS 14.3, Apple: not the one we’ll use for CSAM Photo Scanning
Apple previewed the CSAM detection system for iOS, iPadOS, and macOS earlier…
Once the hacker community gets a good look at this, all bets are off.
One question that I’ve never seen answered: how is Apple going to stop this from being turned into a surveillance tool when a government says “Use this database and send the matches to this address, or you can’t sell your phone here.”
"Apple however told Motherboard in an email that that version analyzed by users on GitHub is a generic version, and not the one final version that will be used for iCloud Photos CSAM detection. Apple said that it also made the algorithm public."
Apple Says NeuralHash Tech Impacted by 'Hash Collisions' Is Not the Version Used for CSAM Detection
Developer Asuhariet Yvgar this morning said that he had reverse-engineered the NeuralHash algorithm that Apple is using to detect Child Sexual Abuse...
www.macrumors.com
I think it enforces the App Store-Is-A-Safe-Walled-Garden narrative. There was an exploit, but they didn't approve any apps to use the exploit. If there were other App Stores, then they might not have even know about the exploit, and let those apps in.
The types of security holes/exploits we are seeing across the board right now are worrying.
Went into my ‘Passwords’ in Settings today and discovered that a whole lot of websites have been compromised.
I wonder if Apple, Google etc…can keep up with all of it, more so worried about smaller websites/forums that are run by a few people.
Edit:
This video seems to explain it well
Went into my ‘Passwords’ in Settings today and discovered that a whole lot of websites have been compromised.
I wonder if Apple, Google etc…can keep up with all of it, more so worried about smaller websites/forums that are run by a few people.
Edit:
This video seems to explain it well
Last edited:
Ah. Thanks for the information. Still, I think those of us holding out on iOS 14 are sending a message to Apple.
May I recommend to you the new Apple iGlasses? Only $3,499 with 128GB, or $3,999 with 256GB.
No one will be forcing you to sideload apps, you will still be able to download exclusively from your precious Apple app store.
Hey, but we do "privacy and security" best, just trust us (and keep on paying the 15/30% Apple Tax).
Just like no one is forcing you(the royal you) to accept Apple as it is. There is always android that does exactly what some people want.
I don't accept Apple as it is. I am rooting for the new bill in front of the senate that will allow sideloading.
Seems like there are significant hurdles, like support to overcome...according to the WSJ. I'm hoping it will die on the vine, but we will see.
This is a terrible lie because the curated and locked down nature of iOS protects us from bad actors in the first place. That's literally Apple's argument against recent court cases.
iOS14 would've been fine is Apple had integrity and accountability, and kept what they said about continuing support for iOS14 alongside iOS15.
They wouldn't stop it. Apple was just virtue signaling, while they literally set the system to wash off their hands if the system is misused. They literally said they're just matching hashes, and they won't know what the database contain. They're setting themselves for plausible deniability. And we already know that Apple will follow what local laws require (Chinese iCloud servers, Pre-installed local apps in Russia, S.Korean requirement for alternative payment, etc).
Do people still not realize nothing on your phone is obligatory? No one is forcing you do use any functionality you don't want. Why does it affect you that some people want to use the phone they paid with their money differently from you?
Why does it affect you that some people want to use the phone they paid with their money differently from you?
That question can be asked the same way to you. All iOS users are using the same wall, the same platform. If you wanted a hole in it to poke something through, other users will also have the hole whether they want to poke something through it or not since everybody is on the same wall, the same platform. A hole is a hole. You are basically forcing your preference of having a hole in the wall for everybody else.
I'm not concerned about me, I'm security-conscious and cautious. It's everyone else I'm worried about, the ones who uncritically will sideload a free game or the pseudosmart user who's just the right amount of smart to get into trouble, but unaware and naive enough not to realise it. It will be them who will get their phones riddled with malware and ransomware, not me.
I don't want iPhone to turn into the malwared mess Android is. I suggest you get yourself one of those phones. I hear the AV-apps and anti-malware apps is great for battery life!
Sorry but that argument makes no sense. There's no "hole" with you to interact if you stay on App Store strictly. You have to at least download malware in order for it to affect you.
Also people keep forgetting that MacOS isn't locked like iOS and everyone's just fine...
Also people keep forgetting that MacOS isn't locked like iOS and everyone's just fine...
How much experience with Android do you have? I've used it for 10+ years and almost everyone I know (including my mother who can't stop opening clickbait articles) is still there and I haven't heard of a single instance where someone caught a virus or malware. Not everything companies advertise is true.
Sorry but that argument makes no sense. There's no "hole" with you to interact if you stay on App Store strictly. You have to at least download malware in order for it to affect you.
Also people keep forgetting that MacOS isn't locked like iOS and everyone's just fine...