Most active commenters
  • saagarjha(4)

←back to thread

Memory Integrity Enforcement

(security.apple.com)
458 points circuit | 15 comments | 09 Sep 25 18:25 UTC | HN request time: 0.001s | source | bottom
1. randyrand ◴[09 Sep 25 21:33 UTC] No.45189525[source]
> There has never been a successful, widespread malware attack against iPhone. The only system-level iOS attacks we observe in the wild come from mercenary spyware ... to target a very small number of specific individuals and their devices. Although the vast majority of users will never be targeted in this way..

Correct me if I'm wrong, but the spyware that has been developed certainly could be applied at scale at the push of a button with basic modification. They just have chosen not to at this time. I feel like this paragraph is drawing a bigger distinction than actually exists.

replies(5): >>45189743 #>>45189878 #>>45190353 #>>45193310 #>>45195568 #
2. brookst ◴[09 Sep 25 21:50 UTC] No.45189743[source]
Maybe, maybe not. But it seems fair to point out. Certainly if it was as exposed as, say, Windows, then there would have been many.
replies(1): >>45189973 #
3. strcat ◴[09 Sep 25 22:00 UTC] No.45189878[source]
Neither Apple or Google truly knows how widespread attacks on their products have been despite portraying it as if they have perfect insight into it. They're claiming to know something they cannot. GrapheneOS has published leaked data from exploit developers showing they're much more successful at exploiting devices and keeping up with updates than most people believe. We have access to more than what we've published, since we don't publish it without multiple independent sources to avoid leaks being identified. These tools are widely available, and it cannot be generally known when they're used whether it's data extraction or remote exploitation. Catching exploits in the wild is the exception to the rule, otherwise exploit development companies would have a much harder job needing to keep making new exploits after they're heavily used. They wouldn't value a single exploit chain nearly as much as they do if it stopped working after it was used 50k times. Law enforcement around the world has access to tools like Cellebrite Premium which are used against many people crossing borders, at protests, etc. That is usage at scale. There's far less insight into remote exploits which don't have to be distributed broadly to be broadly used.
replies(2): >>45190330 #>>45190900 #
4. randyrand ◴[09 Sep 25 22:07 UTC] No.45189973[source]
I mean, if you read the exploit chains, they apply to all iPhones and are wormable.
5. saagarjha ◴[09 Sep 25 22:36 UTC] No.45190330[source]
Apple and Google have access to similar or more information than you do, they just don't publish it for similar reasons.
replies(1): >>45190696 #
6. saagarjha ◴[09 Sep 25 22:38 UTC] No.45190353[source]
It's mainly there as a swipe at Android. I don't think it really relates to the rest of the article (and, with no insight but with my conspiracy theory hat on, was included to peddle the merits of their App Store model).
replies(1): >>45190988 #
7. strcat ◴[09 Sep 25 23:06 UTC] No.45190696{3}[source]
> Apple and Google have access to similar or more information than you do, they just don't publish it for similar reasons.

If that's the case, then many of their public statements about this are extraordinarily dishonest. There are widespread exploits targeting Safari, Chrome, iOS and Android. These are not only rare attacks targeting people heavily sought out by governments, etc. They do not have nearly as much visibility into it as they make it seem.

replies(2): >>45190922 #>>45194451 #
8. bigiain ◴[09 Sep 25 23:24 UTC] No.45190900[source]
> tools like Cellebrite Premium which are used against many people crossing borders

I wonder when the first person will be turned away from a US border for having an iPhone Air that the CBPs phone extraction tool doesn't work on?

9. ghostpepper ◴[09 Sep 25 23:26 UTC] No.45190922{4}[source]
Can you be more specific on what you consider "widespread" vs "rare"?
replies(1): >>45191770 #
10. MBCook ◴[09 Sep 25 23:32 UTC] No.45190988[source]
Even without going conspiracy theory it fits very well as a simple marketing message. “We try hard at security and we do a good job of it. Here’s our newest tool.”

Personally I didn’t read it as a swipe against Android. If it was I don’t personally know what attack(s) it’s referring to outside of the possibility of malware installed by the vendor.

But if it’s installed by the vendor, they can really do anything can’t they. That’s not really a security breach. Just trust.

replies(1): >>45194455 #
11. commandersaki ◴[10 Sep 25 01:02 UTC] No.45191770{5}[source]
I don't think this constitutes as widespread at least in impact, but there's been times where malicious apps have made it on the App store and used to steal cryptocurrency.
12. jahooligan ◴[10 Sep 25 04:31 UTC] No.45193310[source]
absolutely. it is awful lawyer twinkie talk. but the fact that we get such a detailed artile press release on MIE new aphl tech it speaks to its validity and confidence which is plainly great for all of us.
13. saagarjha ◴[10 Sep 25 07:36 UTC] No.45194451{4}[source]
I don't really agree with your framing.
14. saagarjha ◴[10 Sep 25 07:37 UTC] No.45194455{3}[source]
It's aligned with their previous statements they've made about Android. It doesn't really fit here because the mitigation described is not really protecting users from widespread malware attacks.
15. jooize ◴[10 Sep 25 10:14 UTC] No.45195568[source]
I wonder why XcodeGhost doesn't count as successful, widespread malware attack against iPhone. WeChat was infected. It was before iOS had pasteboard protections.

[1] https://en.wikipedia.org/wiki/XcodeGhost