Tech & Science The stakes are too high for Apple to spin the iPhone exploits

06:06 07 September 2019. Source: theverge.com

Google discovered iPhone exploits in the wild. Today, Apple is back with a bristling statement — but it wasn’t exactly reassuring about iPhone security.

© Illustration by Alex Castro / The Verge

Today, Apple responded to Google’s discovery of a major iPhone security flaw with a bristling statement that accused its rival of creating “false impressions.” But Apple did very little to clear up those false impressions, and seems to have created some of its own, as we’ll see by taking a close read.

First, let’s talk about what Apple did confirm. When Google originally published detailed information about the iOS exploits, it conspicuously did not say specifically why they were created or who they were targeted at. Following Google’s disclosure, TechCrunch reported that the exploits were part of a state-sponsored attack that was meant to target China’s minority Uighur population. (The attackers also reportedly targeted Android and Windows devices.) It has been widely reported that China is persecuting the Uighur minority in the country with torture, internment, and surveillance; just yesterday, Reuters and CNN reported that China is trying to hack telecoms to track Uighurs across Asia. So there’s plenty of looming context regarding the potential source and aim of iOS exploits like the one disclosed by Google.

Apple confirmed today that the iOS exploits indeed were targeted at Uighurs; Apple says that they “affected fewer than a dozen websites that focus on content related to the Uighur community.” But Apple’s framing minimizes the context and potential consequences of the exploit against that community in favor of irritation at Google’s blog post and the subsequent media coverage.

To its credit, Apple did disclose and confirm the exploit targeted the Uighur community, which Google did not do. But Apple’s statement is almost entirely focused on Google’s perceived failings, instead of the ongoing persecution of a religious minority in China, which is one of Apple’s largest markets and also the focus of an ongoing trade war that directly implicates the company’s products.

Several times in today’s statement, Apple takes something Google itself said and spins it as an act of omission.

Apple:

First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community.

Google:

Earlier this year Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day.

Here Apple repeats Google’s own original claim, but spins it by connecting it to a line later in Google’s piece about the attack being “en masse.” Reasonable people may disagree about the scope of “en masse,” which means both “a group” and “all together,” but Google certainly did not omit information about the vector of the attack.

Apple:

Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised.

Google:

Real users make risk decisions based on the public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you’re being targeted. To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group. All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.

[...]

I shan’t get into a discussion of whether these exploits cost $1 million, $2 million, or $20 million. I will instead suggest that all of those price tags seem low for the capability to target and monitor the private activities of entire populations in real time.

Apple takes Google’s quotes here completely out of context. Google is talking about the perception of risk and the inherent vulnerability of computing, which is not really up for debate. It’s also talking about the mass targeting of a specific community; as we learned today, that community happens to be a religious minority being actively persecuted in China. It’s bizarre that Apple marginalizes them here by ignoring the nuance of the attack and extrapolating Google’s concerns to “all iPhone users.”

Apple:

Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not “two years” as Google implies.

Google:

TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.

[...]

Initial analysis indicated that at least one of the privilege escalation chains was still 0-day and unpatched at the time of discovery (CVE-2019-7287 & CVE-2019-7286). We reported these issues to Apple with a 7-day deadline on 1 Feb 2019, which resulted in the out-of-band release of iOS 12.1.4 on 7 Feb 2019. We also shared the complete details with Apple, which were disclosed publicly on 7 Feb 2019.

Where does Google imply the website attacks were operational for two years? Google explicitly says their evidence indicated “a group making a sustained effort” over those two years, not that iPhone users were compromised that whole time, and points to its disclosure of those vulnerabilities to Apple. Apple’s reading here is disingenuous at best.

Google:

There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.

Apple:

Regardless of the scale of the attack, we take the safety and security of all users extremely seriously.

Apple has not earned a “regardless” here. It has given us no idea of the actual scale of the attack. It does not even respond to Google’s estimate that thousands of visitors may have been affected per week. Even if we take Apple’s word that the exploit was only operational for two months, that’s potentially tens of thousands (or more) of unwitting victims who are members of a vulnerable population that is currently being targeted by a repressive government. “Taking the safety and security of all users extremely seriously” would keep the focus on the users under attack, not the Google researchers who discovered the exploits.
