Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Operating Systems Security Government IOS Privacy Software Apple Hardware Technology

Apple Says It's Already Fixed Many WikiLeaks Security Issues (usatoday.com) 109

An anonymous reader quotes a report from USA Today: Apple says many of the vulnerabilities to its devices and software that came to light in WikiLeaks' revelations of CIA cyber weapons were already fixed in its latest updates. Late Tuesday, Apple emailed the following statement to USA TODAY: "Apple is deeply committed to safeguarding our customers' privacy and security. The technology built into today's iPhone represents the best data security available to consumers, and we're constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest OS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates." For its part, Samsung emailed its own statement Wednesday: "Protecting consumers' privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter."
This discussion has been archived. No new comments can be posted.

Apple Says It's Already Fixed Many WikiLeaks Security Issues

Comments Filter:
  • Good. (Score:4, Interesting)

    by BronsCon ( 927697 ) <social@bronstrup.com> on Wednesday March 08, 2017 @05:04PM (#54002633) Journal
    I'm glad to see positive response across the board, from Apple, Samsung, and I'm sure others. Especially Apple and Samsung, though, as I have many devices from both of them in my home.
    • by SeattleLawGuy ( 4561077 ) on Wednesday March 08, 2017 @06:06PM (#54002955)

      I'm glad to see positive response across the board, from Apple, Samsung, and I'm sure others. Especially Apple and Samsung, though, as I have many devices from both of them in my home.

      Keep an eye out for updates on "Unlocked" Phones that have switched networks. For some insane reason phones are marketed as "unlocked" when they can be used on another carrier's network, but *the security updates don't work* if you use them on the other network. These should probably be considered unmarketable and therefore not unlocked--and there should be a convenient way to pull signed security updates from the manufacturer instead of the carrier. Samsung and Apple issuing patches doesn't help if Verizon and AT&T fail to talk to each other enough for users on both networks to get the security updates, regardless of who originally installed a given phone's O/S.

      • You can often get updates direct from the manufacturer for Android phones; you just don't get them OTA. Even if not made generally available, they're more than happy to supply them to you if you call in and tell them you've managed to brick your firmware and need a factory image to restore from. thus far, I've been able to get them one way or another from Motorola (both pre- and post-acquisition), HTC, LG, and Samsung. I haven't yet not been able to get updates directly from a manufacturer.
      • by lokedhs ( 672255 )
        I've heard about software updates being pushed by the carrier instead of the vendor, but my understanding is that this is something that is strictly limited to the US market. In the rest of the world things work the way they are supposed to.
      • by santiago ( 42242 )

        Updates for iPhones come direct from Apple. There's no gating by carrier, because Apple had the clout to tell the carriers to shove it when it came to customizing it with their particular crapware.

        • by cstacy ( 534252 )

          Updates for iPhones come direct from Apple. There's no gating by carrier, because Apple had the clout to tell the carriers to shove it when it came to customizing it with their particular crapware.

          It's called a "cloud", not a "clout".
          Use a spellchecker, dude!

          • Updates for iPhones come direct from Apple. There's no gating by carrier, because Apple had the clout to tell the carriers to shove it when it came to customizing it with their particular crapware.

            It's called a "cloud", not a "clout".
            Use a spellchecker, dude!

            From https://www.vocabulary.com/dictionary/clout [vocabulary.com]

            clout
            When you speak of someone having clout, it usually means that they communicate a sense of power or influence, particularly in the political sense. "You’ll wanna talk to that big guy over there if you want me to let you in. He’s got clout."

            Use a dictionary, dude!

      • What's a locked phone? Is that an American thing? I thought the entire world abolished carrier locking in the 90s.

    • by Gr8Apes ( 679165 )
      Having both, I keep my Apple devices updated, and my Samsung devices disconnected from the internet. Why, because only 1 of my Samsung devices is still supported by Samsung, as most are more than 18 months old and therefore unsupported.
      • I tend not to keep devices for that long, save for my TV which is going on 6 years now, so that's not really a concern for me. In fact, this is the longest I've kept a cell phone in nearly 2 decades. I won't disagree that it can be an issue for others, though.
        • by Gr8Apes ( 679165 )

          It used to not be an issue for me either. However, with the CPU performance bottleneck receding for most of my phone needs, updating a phone has become much less pressing over the past 3 years. At this point the only thing really motivating an update outside of various types of hardware failures including, ahem, dropping your device in a pool or the like.... is lack of updates.

          Note also that AVRs, TVs, BD players, and a host of other devices all desire internet connectivity these days. Mine don't have it,

          • I do have my TV on my network; however, it is not a smart TV, just just has a media player feature. It will try to phone home if I tell it to check for updates; however, because I have its MAC blocked at the firewall, it can't. I check manually form time to time and, well, there have been 0 updates in the past 6 years anyway.

            It's also not one of the models with a mic and/or camera, so I feel I'm being just the right level of paranoid; I just don't want it getting an "update" that ends up pwning my network
    • by rakslice ( 90330 )

      Seeing as these companies stop issuing software updates for previous models before (in some cases well before) telcos' scheduled replacements for the last ones they sent to customers come up, it's hard not to read these statements as basically "the security of our customers is a such a high priority that we will actually try to ensure it, some of the time, if you're lucky".

  • by Anonymous Coward

    why? Because they don't opensource a thing.

    • by tlhIngan ( 30335 )

      why? Because they don't opensource a thing.

      Because it's testable? The vulnerabilities are known now. You can easily take an iOS device, update it and test to see how many vulnerabilities are fixed and how many are still open.

      And Apple opensources the core - the kernel and low level code is open source. Not that it means it's bug free (Heartbleed anyone? Shellshock?) since many can exist for years before discovery and exploit.

      See the open source stuff for Apple here: https://opensource.apple.com/ [apple.com]

  • Not Buying It (Score:5, Insightful)

    by PeteJanda ( 1481299 ) on Wednesday March 08, 2017 @05:10PM (#54002657)
    Anyone other than me believe that Apple, Samsung et al. (at a minimum) didn't look the other way before the Wikileaks dump? The OS-level issues really were unknowns for a long enough time that the CIA and other agencies could develop and deploy a playbook for hacking high value targets? What about the other elephant in the room... firmware?
    • Re: Not Buying It (Score:2, Interesting)

      by Anonymous Coward

      CIA et al didn't develop this. They bought them from black hats.

      • by Anonymous Coward

        They came from a different sources. Some in-house; some from private companies; some from collected exploits from other intelligence agencies; and some collected from foreign intelligence sources.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      According to the Apple announcement, the vulnerabilities were patched prior to the leak, so your insinuation doesn't fit with the facts.

      • According to the Apple announcement, the vulnerabilities were patched prior to the leak... What 'facts' are you talking about?

        • Re:Not Buying It (Score:4, Insightful)

          by larkost ( 79011 ) on Wednesday March 08, 2017 @05:58PM (#54002909)

          That would be pretty silly for Apple, since now anyone who cares to download and figure out the exploits can test them for themselves. Someone checking them on this would be easy, and a huge black eye for Apple. You really are off into conspiracy theory territory.

        • How old is the information from WikiLeaks? Your assumption is that all the information is current and not older. My analysis of the WikiLeaks dump is that the information starts from 2014.
      • Which could have been just after they were tipped off rhat they were going to be leaked.
    • Anyone other than me believe that Apple, Samsung et al. (at a minimum) didn't look the other way before the Wikileaks dump?

      Nope.

      Just you.

    • by Anonymous Coward

      > What about the other elephant in the room... firmware?

      I honestly wonder if Intel's IME & AMD's equivalent wasn't designed by the government. Hmm, so you have a processor on my processor that's totally a black box and it can control the entire machine? Who here doesn't believe they own that thing completely?

    • by AHuxley ( 892839 )
      The crypto held as so many smart people around the world use it and international conferences have faith in quality crypto.
      Re "The OS-level issues really were unknowns for a long enough time that the CIA and other agencies could develop and deploy a playbook for hacking high value targets? What about the other elephant in the room... firmware?"
      The trendy device is the "elephant in the room". Interesting people want to carry and be seen with a US designed device. A powered device with a mic, camera, gps,
    • You mean a company whose reputation is under intense criticism all the time like Apple would never patch holes they know about. Have you thought about what you just said? Granted Apple might not be the most best at finding holes or transparent about them; that does not mean they don't try to patch them when they find about them.
  • by yorgasor ( 109984 ) <ron.tritechs@net> on Wednesday March 08, 2017 @05:18PM (#54002699) Homepage

    Since the CIA & FBI are keeping the vulnerabilities they find secret, these companies just need to start planting spies in the CIA & FBI to find out what bugs they have on their software.

  • by Anonymous Coward

    I guess that answers whether the leaks were legitimate. The first spate of news after the leaks tried to paint a "if you've done nothing wrong" picture and adding speculation on if it was even legit.

    And, of course, the "if you've done nothing wrong, you have nothing to hide" argument is complete BS when it comes to privacy issues.

  • by hduff ( 570443 )

    IF they were deeply committed, they would have fixed them all by now.

    • If they were deeply committed, well, they wouldn't be able to fix code while in a straight jacket and heavy meds.

      If they were really deeply committed, they'd write code without security holes in it.

  • Isn't it sort of a fact that the security holes haven't even been fully sorted out yet?

"One day I woke up and discovered that I was in love with tripe." -- Tom Anderson

Working...