[cba123]

First I had heard of this.

[cba123]

https://news.trust.org/item/20200422150323-tmca0

[George from New England]

Glad to hear that Apple has ‘features’ too.

[ProtectOurFreedom]

Reporting by Christopher Bing in Washingtong and Joseph Menn in San Francisco. Contributions from Jack Stubbs in London and Stephen Nellis in San Francisco; editing by Chris Sanders, Edward Tobin and Sonya Hepinstall.

SEVEN people worked on this article. Three of them did "editing." And still they couldn't find and fix the claim that the two primary reporters are in "Washingtong."

[IncPen]

For your list...

[867V309]

half a billion iPhones vulnerable to hackers.

sword swallower is behind the curve on this apple

[Grimmy]

My cynical self says... not a flaw but a design choice.

had to compete with all the other tech outfits in datamining for dollars.

[Scrambler Bob]

How does this jive with all the Law Enforcement complaints of iphones being totally ‘secure’.

[dayglored]

Hi Swordmaker,

If you can determine which versions of iOS (and if possible which versions of the Mail app) are vulnerable, please publish here.

I’m still using my old trusty 5c with 10.3.3 and no option to upgrade anything about it any more. I’m holding my breath for the upcoming re-release of the model SE. :-). But in the meantime....

[Swordmaker]

This is not the first time Avraham has made this claim. Nor is it the first time he’s made this unsupported assertion: “Avraham, a former Israeli Defense Force security researcher, said he suspected that the hacking technique was part of a chain of malicious programs, the rest undiscovered, which could have given an attacker full remote access.” Actually, no, it could not have.

The Mail App, like all other apps on iOS, runs in a sandbox, sequestered from all other apps and data. In addition, once the iPhone or IPad crashes and restarts, anything an App that crashed it will have been doing is flushed in the restart and the user is required to renter the passcode. To effect anything, an email must be first be opened, and In iOS, NOTHING in email runs automatically, no scripts, etc., so something in the email must be a link clicked on! It’s not automatic; it may look like an empty email, but its not.

ZEC is claiming 0 click and that it works on receipt of the email, and further that it works since iOS 11. I call BS on that. In fact, this looks exactly like the exact same claim they made last year. They claim they were working with Apple on a fix which was incorporated in the last iOS 13.4.5 beta as of April 15th, but if thats so, you don’t knife Apple in the back with a public press release before its actually rolled out! I suspect deliberate FUD.

In fact, ZEC does not even describe it as an “exploit” but always refer to it as a vulnerability, talking about suspicions that something “may” have happened. This was the exact same phrasing they used the last time they announced this “discovery.”

For all of this to work, according to ZEC, requires the attacker to have control of your email server. . . If thats the case, you’ve got more serious problems than someone getting access to some of your contacts and your photos.— PING!

APPLE iOS SECURITY PING!

If you want on or off the Apple/Mac/iOS Ping List, Freepmail me.

[Swordmaker]

“Patrick Wardle, an Apple security expert and former researcher for the U.S. National Security Agency, said the discovery "confirms what has always been somewhat of a rather badly kept secret: that well-resourced adversaries can remotely and silently infect fully patched iOS devices."

This quote is another indicator of this being FUD (Fear, Uncertainty, and Doubt). Wardle is the go to guy when you want a guaranteed anti-Apple security quote from a a so-called “expert.” He’s never had anything positive to say about Apple. He’s “former expert, will say FUD” on demand, results guaranteed or your money back! Wind the crank and it comes out. He’s no “Apple Security Expert” anything except in anti-Apple articles. . .

”Avraham based most of his conclusions on data from "crash reports," which are generated when programs fail in mid-task on a device. He was then able to recreate a technique that caused the controlled crashes.

Two independent security researchers who reviewed ZecOps' discovery found the evidence credible, but said they had not yet fully recreated its findings.”

Here is the nub. . . ZecOP’s work has NOT been peer reviewed or duplicated. AND it is apparent that Avraham does NOT have an in the wild example of an actual weaponized email message ever received by anyone, as he claims he “based his conclusion on crash reports” and then had to recreate a technique to duplicate” what he saw in the crash report!

To put this in English, everything beyond a vulnerability that could possibly be exploited as described, is PURE SPECULATION on Avraham’s part! HYPERBOLE!

[doorgunner69]

As it happens, I cannot use Apple products, I am not ......

[Starcitizen]

Made in Communist China. Data being harvested by the CCP.

[Vaduz]

Nothing now they can’t even stop a hacker from garage door openers nothing is safe.