1. Forum
  2. Usenet
  3. COMP.MOBILE.ANDROID

  • Re: Careless Apple FINALLY patches iPhone exploit that allowed for 'ext

    From Marion@21:1/5 to Warren on Tue Feb 11 17:01:46 2025
    XPost: misc.phone.mobile.iphone, comp.os.linux.advocacy, sac.politics
    XPost: talk.politics.guns

    On Tue, 11 Feb 2025 09:31:36 -0000 (UTC), Warren wrote :


    So, unless your device was hijacked by “extremely
    sophisticated” attackers, there was nothing to panic about even before Monday’s update.

    The problem isn't so much that Apple's iPhone is the most exploited mobile phone every day of every month for over 5 years non-stop zero-days...
    <https://www.cisa.gov/known-exploited-vulnerabilities-catalog>

    No. The problem is people believe Apple's brazen lies that it's not the
    most insecure phone out there. Far more zero days on iPhone than Android.

    Google's Project Zero proved Apple has *never* tested most of the iOS code!
    <https://cyberscoop.com/iphone-hack-google-project-zero/>

    Sure, Android isn't secure either - but the real problem is Apple makes
    people *feel safe* with the iPhone even though it's far worse than Android.

    Instead of *testing* for insecurities, which Google proved Apple has never performed on tons of iOS code, Apple spends money *advertising* it instead.
    <https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html>

    One of the reasons the iPhone is the most insecure phone out there is that Apple only fully hotfix patches one release and one release only.

    Not two. Not three. Not four.... Just one release & one release only.
    <https://screenrant.com/apple-product-security-update-lifespan/>

    So if your phone is on, oh, say, iOS 16, then it's full of holes that Apple knows about which Apple could fix but Apple never bothers to fix them.
    <https://hothardware.com/news/apple-admits-only-fully-patches-security-flaws-in-latest-os-releases>

    Apple doesn't care about you as long as you *believe* that it's the most
    secure phone, even as only Apple doesn't fully patch more than one release.
    <https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/>

    Yes, you heard that right. While Microsoft, Samsung & Google will fully
    patch multiple releases at the same time, Apple has *never* done that ever!
    <https://support.apple.com/guide/deployment/about-software-updates-depc4c80847a/>

    But even the fact Apple's support is the worst in the industry (yes, you
    heard that right too) isn't known to the vast majority of iPhone owners.

    Take Apple's own written promise that the EU forced every company who sells smartphones to submit, which says Apple only fully supports iOS for 5 years while both Google & Samsung fully support Pixels & Galaxies for 7 years.
    <https://www.cnet.com/tech/mobile/samsung-extends-android-and-security-updates-to-7-years/>
    <https://www.tomsguide.com/opinion/google-pixel-8-software-updates>

    Not just 7 years mind you, but 7 years and up to 7 releases, where Apple's
    full support is 5 years and never more than a single iOS release at a time.
    <https://www.cnet.com/tech/mobile/apple-reveals-its-iphone-gets-at-least-five-years-of-security-updates/>

    The sad fact is people actually think iOS is secure - when it's not.
    They believe Apple has the best support - when it's actually the worst!

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From MummyChunk@21:1/5 to All on Wed Feb 12 21:40:11 2025
    Warren wrote:
    A new iPhone update patches a flaw that could allow an attacker to turn
    off a nearly seven-year-old USB security feature. Apple's release notes
    for iOS 18.3.1 and iPadOS 18.3.1 say the bug, which allowed the
    deactivation of USB Restricted Mode, "may have been exploited in an
    extremely sophisticated attack against specific targeted individuals."

    The release notes describe the now-patched security flaw as allowing "a physical attack," which suggests the attacker needed the device in hand to exploit it. So, unless your device was hijacked by "extremely
    sophisticated" attackers, there was nothing to panic about even before Monday's update.

    USB Restricted Mode, introduced in iOS 11.4.1, prevents USB accessories
    from accessing your device's data if it hasn't been unlocked for an hour.
    The idea is to protect your iPhone or iPad from law enforcement devices
    like Cellebrite and Graykey. It's also the reason for the message asking
    you to unlock your device before connecting it to a Mac or Windows PC.

    Aligned with its typical policy, Apple didn't detail who or what entity
    used the attack in the wild, only noting that the company is "aware of a report that this issue may have been exploited." Security researcher Bill Marczak of the University of Toronto's Citizen Lab reported the flaw. In 2016, while in grad school, he discovered the iPhone's first known zero-
    day remote jailbreak, which a cyberwarfare company sold to governments.

    You can make sure USB Restricted Mode is activated by heading to Settings
    Face ID (or Touch ID) & Passcode. Scroll down to "Accessories" in the
    list and ensure the toggle is off, which it is by default. Somewhat confusingly, toggling the setting off means the security feature is on because it lists features with allowed access.

    As usual, you can install the update by heading to Settings > General

    Software Update on your iPhone or iPad.

    Smarter people will just buy a much superior Android and take the other
    half out to a very nice dinner.

    https://www.engadget.com/cybersecurity/apple-patches-iphone-exploit-that- allowed-for-extremely-sophisticated-attack-214237852.html


    In these situations - do LEO agencies you them to unlock all the iPhones they have been holding on to for years?


    This is a response to the post seen at: http://www.jlaforums.com/viewtopic.php?p=683625707#683625707

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)