Apple Issues Emergency Security Updates to Close a Spyware Flaw(nytimes.com)
nytimes.com
Apple Issues Emergency Security Updates to Close a Spyware Flaw
https://www.nytimes.com/2021/09/13/technology/apple-software-update-spyware-nso-group.html
17 comments
As the story clearly indicates, they re-examined backups and recently made a very valuable discovery that everyone should be extremely thankful for. And Apple turned around a worldwide patch for a billion plus devices in less than a week after being notified.
I'd rather the flaw wasn't there in the first place, but a remarkable effort by both parties given that it was there.
I'd rather the flaw wasn't there in the first place, but a remarkable effort by both parties given that it was there.
That's fair. I am appreciative. I was just shocked by the timeline but glad this was resolved
immediately after the bit you quote:
> Recent re-analysis of the backup yielded
Further down has the timeline of when Apple was informed and acted.
EDIT: and for completeness link to the mentioned other discussion, which makes this a dupe: https://news.ycombinator.com/item?id=28516095
> Recent re-analysis of the backup yielded
Further down has the timeline of when Apple was informed and acted.
EDIT: and for completeness link to the mentioned other discussion, which makes this a dupe: https://news.ycombinator.com/item?id=28516095
Maybe the fearmongers are right, and we've truly reached a post-privacy world. Frankly, I don't know how else you'd describe it: your phone, smartwatch or computer can all be silently hacked without your knowledge (or any easy way to verify that you're infected). You can't visualize or control how your personal data is propagated, and the cherry on top is that it's all a laissez-faire exploit carnival. I don't know if it's fair to call Apple culpable here, but it is fair to say that your phone (and data) is at risk.
On a sidenote: If you would like to read this article without giving away your email address or signing in, activate the 'Reader' option in your browser.
Or disable JavaScript.
Or install the bypass news paywalls extension. https://github.com/iamadamdev?tab=repositories
Or go to your local newsstand, pick up a copy, and leave without paying for it.
It should be mandatory to notify people if they've been exploited when updating, also give better info on this incident no?
A normal smaller tech company is expected to create an advanced description of what happened. Apple doesn't give any info at all to regular users, no one i know has heard about this, not even seen a "very important to update" message, just a silent "update 11.6".
In my mind everyone with an Apple device should get a huge warning pop up on their screen with the text "everything on your computer has been potentially compromised - update now to remedy (for now at least)" in all caps.
A normal smaller tech company is expected to create an advanced description of what happened. Apple doesn't give any info at all to regular users, no one i know has heard about this, not even seen a "very important to update" message, just a silent "update 11.6".
In my mind everyone with an Apple device should get a huge warning pop up on their screen with the text "everything on your computer has been potentially compromised - update now to remedy (for now at least)" in all caps.
iOS 14.8: https://support.apple.com/en-us/HT212807
macOS 11.6: https://support.apple.com/en-us/HT212804
macOS 11.6: https://support.apple.com/en-us/HT212804
less_corn(2)
It's September. The NYTimes says: "Apple’s security team has been working around the clock to develop a fix since Tuesday, after researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that a Saudi activist’s iPhone had been infected with spyware from NSO Group."
So has Apple been sitting on this since March, or has CitizenLab?
[1] https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage...