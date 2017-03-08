Apple Says It's Already Fixed Many WikiLeaks Security Issues (usatoday.com) 29
An anonymous reader quotes a report from USA Today: Apple says many of the vulnerabilities to its devices and software that came to light in WikiLeaks' revelations of CIA cyber weapons were already fixed in its latest updates. Late Tuesday, Apple emailed the following statement to USA TODAY: "Apple is deeply committed to safeguarding our customers' privacy and security. The technology built into today's iPhone represents the best data security available to consumers, and we're constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest OS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates." For its part, Samsung emailed its own statement Wednesday: "Protecting consumers' privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter."
"Apple is deeply committed to safeguarding our customers' privacy and security..."
"Protecting consumers' privacy and the security of our devices is a top priority at Samsung."
Always with the boilerplate response. Bullshit is the new sublime
I'm glad to see positive response across the board, from Apple, Samsung, and I'm sure others. Especially Apple and Samsung, though, as I have many devices from both of them in my home.
Keep an eye out for updates on "Unlocked" Phones that have switched networks. For some insane reason phones are marketed as "unlocked" when they can be used on another carrier's network, but *the security updates don't work* if you use them on the other network. These should probably be considered unmarketable and therefore not unlocked--and there should be a convenient way to pull signed security updates from the manufacturer instead of the carrier. Samsung and Apple issuing patches doesn't help if Veriz
why? Because they don't opensource a thing.
Because it's testable? The vulnerabilities are known now. You can easily take an iOS device, update it and test to see how many vulnerabilities are fixed and how many are still open.
And Apple opensources the core - the kernel and low level code is open source. Not that it means it's bug free (Heartbleed anyone? Shellshock?) since many can exist for years before discovery and exploit.
See the open source stuff for Apple here: https://opensource.apple.com/ [apple.com]
CIA et al didn't develop this. They bought them from black hats.
According to the Apple announcement, the vulnerabilities were patched prior to the leak, so your insinuation doesn't fit with the facts.
According to the Apple announcement, the vulnerabilities were patched prior to the leak... What 'facts' are you talking about?
That would be pretty silly for Apple, since now anyone who cares to download and figure out the exploits can test them for themselves. Someone checking them on this would be easy, and a huge black eye for Apple. You really are off into conspiracy theory territory.
Anyone other than me believe that Apple, Samsung et al. (at a minimum) didn't look the other way before the Wikileaks dump?
Nope.
Just you.
> What about the other elephant in the room... firmware?
I honestly wonder if Intel's IME & AMD's equivalent wasn't designed by the government. Hmm, so you have a processor on my processor that's totally a black box and it can control the entire machine? Who here doesn't believe they own that thing completely?
Re "The OS-level issues really were unknowns for a long enough time that the CIA and other agencies could develop and deploy a playbook for hacking high value targets? What about the other elephant in the room... firmware?"
The trendy device is the "elephant in the room". Interesting people want to carry and be seen with a US designed device. A powered device with a mic, camera, gps,
Since the CIA & FBI are keeping the vulnerabilities they find secret, these companies just need to start planting spies in the CIA & FBI to find out what bugs they have on their software.
That argument falls apart when you realize that TrueCrypt hasn't been under active development in quite some time and has, in fact, been abandoned by its developers with a warning that it may be vulnerable. Coupled with the fact tha
