Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Apple IT

Apple Warns iPhone Users in 98 Countries of Spyware Attacks (techcrunch.com) 29

Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. It's the second such alert campaign from the company this year, following a similar notification sent to users in 92 nations in April. TechCrunch: In its communication to affected users, Apple stressed the sensitive nature of its threat identification methods, cautioning that divulging additional details could potentially aid attackers in evading future detection. Apple has also made a notable shift in its language since last year, opting to describe these incidents as "mercenary spyware attacks" instead of the previously used term "state-sponsored" attacks.
This discussion has been archived. No new comments can be posted.

Apple Warns iPhone Users in 98 Countries of Spyware Attacks

Comments Filter:
  • by Mirnotoriety ( 10462951 ) on Thursday July 11, 2024 @06:34AM (#64617993)
    What was the name of that chip with unknown registers that allowed full remote access with the user unaware. When asked, Apple engineers said they don't even know what they are for.
    • That was for Apple silicon Macs, not iPhones, and it did not allow remote access.

      It leaked crypto information to a user-level process running on the same CPU. It isn't a vulnerability that affects most users.

      • Re: (Score:2, Insightful)

        by drinkypoo ( 153816 )

        It leaked crypto information to a user-level process running on the same CPU. It isn't a vulnerability that affects most users.

        Most users don't use crypto? I guess I hallucinated all those https URIs.

        • Well, leaking a TLS session key to a local log file after the session disconnects would be an example of a crypto leak that you don't have to worry much about.

          • That can still be a leak. For example, if I'm using an E2EE messaging platform, write a message, then close that window, if something can leak the ephemeral keys used in that session, that could be compromising.

            Apple's hardware crypto support is odd too. IIRC, it only allows the OS and Apple stuff to use it, while if one wants to use AES with Chrome, it needs to be done via a software implementation. This might have changed, though.

      • by tlhIngan ( 30335 )

        That was for Apple silicon Macs, not iPhones, and it did not allow remote access.

        It leaked crypto information to a user-level process running on the same CPU. It isn't a vulnerability that affects most users.

        It was actually making a mockery of the whole security reporting thing.

        It's actually 2 bits in a register that shouldn't be accessible (they are reserved) but are.

        Two processes could use those two bits to communicate with each other, but they have to be aware of those bits to begin with.

        So yes, it could

  • by fuzzyfuzzyfungus ( 1223518 ) on Thursday July 11, 2024 @06:51AM (#64618015) Journal
    "Apple has also made a notable shift in its language since last year, opting to describe these incidents as "mercenary spyware attacks" instead of the previously used term "state-sponsored" attacks."

    That seem like it could imply three potentially quite different things: one would be Apple holding the same internal position as ever about the nature of the attacks; but someone from legal or regulatory affairs or the like insisting that less combative language is better for business. Another would be that Apple is either less focused on or less certain of attribution and (sensibly) isn't making claims they aren't reasonably sure of. The third would be that Apple has concluded that there has been a change in the availability of reasonably high end iOS attacks; and capabilities that historically suggested that a state actor was interested in you are now commercially available(not necessarily on the same tier as the stuff dismissively referred to as 'commodity', down where the phish toolkits and pre-canned attacks for known but commonly unpatched flaws live; but the sort of thing that a commercial actor with deep pockets or a state agent with basically zero in-house expertise but some procurement power would both have.
  • through a text message? browser on malicious website? email? wtf? how about more info on what to look for?
    • Down with this sort of thing!
    • Usually itâ(TM)s the delivery of a malicious payload via an instant messaging app like iMessage, Signal, WhatsApp, etc. iMessage gets all the attention but all of them are at risk since the vulnerabilities are in the operating system and can be reached via any of those messenger apps, itâ(TM)s not actually a vulnerability in the messaging app thatâ(TM)s the issue. Your device receives the message and automatically starts processing it which triggers the exploit. You never see the new message
      • Usually itâ(TM)s the delivery of a malicious payload via an instant messaging app like iMessage, Signal, WhatsApp, etc. iMessage gets all the attention but all of them are at risk since the vulnerabilities are in the operating system and can be reached via any of those messenger apps, itâ(TM)s not actually a vulnerability in the messaging app thatâ(TM)s the issue. Your device receives the message and automatically starts processing it which triggers the exploit. You never see the new message notification or message itself since the attacker already controls your device before it would get to that point and deletes it. Check out the Am I Secure? app on the App Store, has good advice on protecting your device. Iâ(TM)m a subscriber to their scanning service since they already caught some attacks against their users.

        Well, apparently not all attacks against you...

        https://www.numbersstation.app... [www.numbersstation.app] [numbersstation.app] Can also happen via a link to a malicious web site (although thatâ(TM)s more obvious and easier to avoid) as well as network injection where an attacker has network level access and simply steers your device to malicious websites even when you go to a legitimate one.

        No need to steer you to another website. I presume that it can spread via another already infected user posting gibberish to a social media site.

        • Whenever I post on slashdot it converts apostrophes to â(TM), I forgot and used apostrophes before I posted, does not happen in any other program or web site. I see it happens to other users on Slashdot as well (search Google for "slashdot.org itâ(TM)s") . Weird.
  • Apple's ecosystem is hermetically closed and Apple rigorously vets all apps that run on your Apple device, and won't even let a browser other than their own go on the intarwebs.

    Could it be that they're not in fact doing all that for the users' safety and privacy? Could it be that their platform is in fact just as vulnerable as all the others? Say it isn't so!

    • by HiThere ( 15173 )

      IIUC, it's not at vulnerable as, say MS Windows. It's reputably considerably better. But anyone can be attacked.

      • I'm curious if Windows security issues would be similar if all the software came from an app store. Almost every Windows vulnerability I hear about is related to the user installing shit. The other types of vulnerabilities, everyone gets once in a while.

    • You're misrepresenting what Apple claims, with the exception of not permitting non-WebKit based browsers. Were I being pedantic I would point out that on my iPhone I have Chrome, Edge, and Safari... but under the hood there's a single engine, so... point acknowledged.

      Apple has a list of things they "check" for applications. It does not constitute a promise or guarantee of invulnerability, perfection, and ideal security. If you think it does, that's an assumption on your part. It has NEVER been claimed to be

    • by kmoser ( 1469707 )
      Their "walled garden" doesn't seem to be so great. Since Apple definitely has the ability to delete or alter apps and data remotely, why don't they just nuke spyware when they detect it?
      • by tlhIngan ( 30335 )

        Since Apple definitely has the ability to delete or alter apps and data remotely, why don't they just nuke spyware when they detect it?

        No they haven't. Apple hasn't deleted a single app from a user's device remotely. We don't know if it's even possible for them to do it as it's never been done. So [citation needed].

        We DO know that there's a check to see if an app can run. However, it's in location services. So if an app doesn't use location services, there is no way Apple can disable the app. And that only

        • by kmoser ( 1469707 )
          They control the O/S, so they 100% have the ability to push updates that give them that control. I'm not saying they *have*, I'm saying they *could*.

Dennis Ritchie is twice as bright as Steve Jobs, and only half wrong. -- Jim Gettys

Working...