Free Republic

Remote exploitation can be achieved with no user interaction. Five bugs in Apple’s iMessage service for the iPhone have been uncovered that require no user interaction to exploit, including one that would allow remote attackers to access content stored on iOS devices. First discovered by Google Project Zero security researcher Natalie Silvanovich, Apple has fully patched four of the flaws as part of the 12.4 iOS update. CVE-2019-8646 is the bug that allows an attacker to read files off a remote device with no user interaction. An exploit could leak the SMS database, binary files like images and more. Silvanovich...

A new excerpt from former White House communications staffer Cliff Sims' new memoir emerged in Vanity Fair, and this one focused on a very special member of President Trump's Team of Vipers: Kellyanne Conway. Sims doesn't appear to be a fan: As I watched Kellyanne in operation over our time in the White House, my view of her sharpened. It became hard to look long at her without getting the sense that she was a cartoon villain brought to life. Her agenda — which was her survival over all others, including the president — became more and more transparent. [Cliff...

The iMessage vulnerability got a lot of attention, but another bug allows for remote execution over Wi-Fi, which is a much bigger threat. Apple released new versions of several operating system products earlier this week, fixing vulnerabilities in OS X El Capitan and iOS 9 among others. Because encryption and Apple are big news these days, the attention mostly went to an admittedly interesting flaw in Apple's encryption for iMessage, reported by a research team, led by well-known cryptographer Matthew Green. But the bug is not an easy one to exploit and doesn't even expose a lot. There are much...

A group of Johns Hopkins University researchers found a bug in Apple’s encryptionthat would let a skilled attacker decrypt photos and videos that were sent as secure instant messages. (Matthias Schrader/AP) Apple’s growing arsenal of encryption techniques — shielding data on devices as well as real-time video calls and instant messages — has spurred the U.S. government to sound the alarm that such tools are putting the communications of terrorists and criminals out of the reach of law enforcement. But a group of Johns Hopkins University researchers has found a bug in the company’s vaunted encryption, one that would enable...

BlackBerry's CEO John Chen wants companies to stop "discriminatory practices" against BlackBerry by not allowing them to use certain apps. Chen called out Apple and Netflix in a blog post about net neutrality and what he called a "two-tiered wireless broadband ecosystem" where developers create apps only for iOS and Android devices. "Unlike BlackBerry, which allows iPhone users to download and use our BBM service, Apple does not allow BlackBerry or Android users to download Apple's iMessage messaging service," he wrote. Apple's iMessage service is only available to customers using the company's ecosystem of devices. Calling out Netflix, Chen said...

The U.S. government is struggling to crack into Apple's encrypted messaging system for domestic lawful wiretapping, according to an internal U.S. Drug Enforcement Agency (DEA) document. Because Apple stores data sent over iMessage and runs the service and encryption in-house, the iPhone and iPad maker is still open to being served a subpoena or a court-ordered search warrant. As a result, Apple is also lagging behind other companies on transparency by not disclosing how many government requests have been made.