Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Fixes Three Zero Days Used In Targeted Attack (onthewire.io)

Posted by EditorDavid on from the infecting-an-iPhone dept.

Trailrunner7 quotes a report from On The Wire: Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix them.

The attack that set off the investigation into the vulnerabilities targeted Ahmed Mansoor, an activist living in the UAE. Earlier this month, he received a text message that included a link to what was supposedly new information on human rights abuses. Suspicious, Manor forwarded the link to researchers at the University of Toronto's Citizen Lab, who recognized what they were looking at. "On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising ;new secrets' about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based 'cyber war' company that sells Pegasus, a government-exclusive "lawful intercept" spyware product," Citizen Lab said in a new report on the attack and iOS flaws.

76 comments

  1. How many can get updates from carriers!? by Anonymous Coward · · Score: -1

    Few. Any. Time. Soon. Give. It. Up.

    1. Re:How many can get updates from carriers!? by ArtemaOne · · Score: 2

      What updates does one need from a carrier? They have nothing to do with the operating system.

    2. Re:How many can get updates from carriers!? by TigerPlish · · Score: 5, Informative

      Few. Any. Time. Soon. Give. It. Up.

      That's not how iOS works. The carriers just carry. Apple provides the update -- to the user's device. The carrier has no say in it at all.

      Or, are you implying that the carriers will refuse to carry the update? That would be selective blocking / filtering, and once that story breaks, well, it'll be pitchforks and torches against those carriers.

      And, to cover any misunderstandings, if the phone has no carrier, it cannot transmit, either.

      So... what was your point, again?

      --
      The "Civilized World" jumped the shark ca. 1973.
    3. Re:How many can get updates from carriers!? by Anonymous Coward · · Score: 0

      It shouldn't, but it does. Never buy a phone that has the carriers name printed on the case, or has a carriers icon anywhere in default OS.

    4. Re:How many can get updates from carriers!? by bloodhawk · · Score: 2

      Carriers regularly act as gateways to updates that only permit approved updates (i.e. ones that don't cause their network issues). It is a pain in the arse but it is reality.

    5. Re:How many can get updates from carriers!? by burtosis · · Score: 5, Interesting

      And, to cover any misunderstandings, if the phone has no carrier, it cannot transmit, either.

      So... what was your point, again?

      You can use a iPhone with no carrier. I do all the time. You just use wifi enabled calling and sms. It's a lot cheaper, much less of a headache, and quite convienent for some people who nearly always have access wifi.

    6. Re:How many can get updates from carriers!? by ArtemaOne · · Score: 4, Informative

      Not for iOS. Is this an Android "feature"?

    7. Re:How many can get updates from carriers!? by TigerPlish · · Score: 1

      You can use a iPhone with no carrier. I do all the time. You just use wifi enabled calling and sms. It's a lot cheaper, much less of a headache, and quite convienent for some people who nearly always have access wifi.

      Certainly. That's how I use it at home, at friend's houses, and the like. Well, except for the wi-fi calling and SMS.

      That's still transmitting, just through a different carrier -- if we're on wi-fi we're using whatever carrier (ISP) our host has. Comcrap for me, AT&T Uworse for my buddy.

      I rarely call... I usually imessage.. not even SMS. The one guy I call on a regular basis doesn't even have a cellphone. Luddite! ;o) It's either phone, or email with him. He literally has no cellphone. The only person I know that doesn't.

      We do swap Enigma messages, as a hobby, though. I wonder what NSA makes of that. Boring stuff, usually Kancolle garbage. I wonder if NSA has figured out what "poi" is.....

      --
      The "Civilized World" jumped the shark ca. 1973.
    8. Re:How many can get updates from carriers!? by allquixotic · · Score: 2

      It's more about Apple strong-arming the carriers into an agreement where Apple can roll out any software they want to any iPhone at any time, WITHOUT the carriers' approval or testing, and even without allowing the carriers to inject their own software (bloatware) into the image.

      All other smartphone vendors are, at least individually, not in a position of enough strength to try and tell Verizon, AT&T, Telstra, Orange, etc. that they don't get to make any software customizations or do their own testing. So therefore all Android phones' updates have to go through the carriers, but Apple updates don't.

    9. Re:How many can get updates from carriers!? by Anonymous Coward · · Score: 0

      Yup, and it's why I ditched Android for iOS.

      As for jailbreaking and whatnot, "ain't nobody got time for that".

    10. Re:How many can get updates from carriers!? by antdude · · Score: 1

      Ditto.

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    11. Re:How many can get updates from carriers!? by Anonymous Coward · · Score: 0

      > Never buy a phone that has the carriers name printed on the case, or has a carriers icon anywhere in default OS.

      This story is about Apple. Here's how you update your Apple iPhone: Go to Settings, select "general", and then hit "software update". This works on any carrier.

      Some Androids have this problem. Apple literally never does.

    12. Re:How many can get updates from carriers!? by fuzzyf · · Score: 1

      Are you sure you are using SMS without a carrier?

      You are probably using iMessage and facetime. Both work fine without a carrier, but you'll be limited to apple devices on both sending and receiving.

    13. Re:How many can get updates from carriers!? by AmiMoJo · · Score: 1

      Only if you agree crazy enough to buy your phone from the carrier.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    14. Re:How many can get updates from carriers!? by Razed+By+TV · · Score: 1

      And, to cover any misunderstandings, if the phone has no carrier, it cannot transmit, either.

      If by no carrier, you mean no nearby cell towers, I would agree.
      If a phone has access to a carrier's tower, I would not be surprised to find out that it could transmit surreptitiously.

      If you can make a 911 call on a phone without a sim card, I see no reason as to why a carrier couldn't track you via IMEI number. And if they can identify your IMEI, why couldn't they enable you to communicate without having a proper sim? Sure, this requires the government to be buddy-buddy with the carrier...

      I read the article, trying to figure out who was targeting the activist. Israeli company NSO provides the attack to probably the UAE (who had previously been targeting Mansoor). NSO is majority owned by US private equity firm Francisco Partners. I wouldn't expect either group (Francisco/NSO) to be interested in quashing democracy in UAE.

    15. Re: How many can get updates from carriers!? by Anonymous Coward · · Score: 0

      Right, but wrong to blame on Android..its a manufacturer feature. Planned obselance. Such, as, I have a hp7 1800, tablet that I'll have to jailbreak soon, the manufacturer won't update this fully functional tablet. Works like a charm, but,getting slower as it ages. As it has to interpret the new permissions to older ways.
      But the article sounds new, and the fix was on hand? Fixed in days? Sounds like bass to me.

    16. Re:How many can get updates from carriers!? by Applehu+Akbar · · Score: 1

      "And, to cover any misunderstandings, if the phone has no carrier, it cannot transmit, either."

      None of these quibbles apply if you just download your iOS updates over WiFi, which you want to do in any case to avoid burning through your data cap. It's a swich right there in Settings.

    17. Re:How many can get updates from carriers!? by Applehu+Akbar · · Score: 1

      "You can use a iPhone with no carrier."

      You can also set one up with a prepaid carrier rather than a fixed monthly contract.

    18. Re:How many can get updates from carriers!? by angel'o'sphere · · Score: 1

      It's more about Apple strong-arming the carriers into an agreement where Apple can roll out any software they want to any iPhone at any time, WITHOUT the carriers' approval or testing
      That is bollocks.
      Software upgrades don't affect the carrier at all.
      How should they?

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    19. Re:How many can get updates from carriers!? by Qzukk · · Score: 1

      I wouldn't expect either group (Francisco/NSO) to be interested in quashing democracy in UAE.

      Does democracy pay as much as the alternative?

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    20. Re:How many can get updates from carriers!? by Bert64 · · Score: 1

      It's nothing to do with causing network issues, virtually all carriers can't stop you connecting your own handsets that could be running anything.
      It's all about branding, forcing their brand in your face and all the bloated crap they want to put on the handsets that the users will never use.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    21. Re:How many can get updates from carriers!? by allquixotic · · Score: 1

      I'm not arguing whether software updates to devices should or shouldn't affect or be approved by carriers; I'm telling you that they *are*. Factually. It's a known thing; look it up. The carriers themselves admit it.

      If you are using a smartphone that was not manufactured by Apple, and you live in a country where large corporations own and operate the telecommunications infrastructure, especially the United States, UK and Australia, there is a very good chance that your carrier actively tests, modifies, and must approve all operating system software updates being applied to your phone, *before* that software can be rolled out to you.

      Of course, if you've rooted and/or unlocked the bootloader of your phone, you can choose to apply your own changes to the system. But if you've had to exploit a security vulnerability to gain this access because the carriers don't legitimately provide that access to you, chances are good that the vulnerability you used to gain access is still there, and someone else could use it to compromise your device. Not good.

      But back to my original point. It's not "bollocks" because carriers *do* care, very much, about what software manufacturers are deploying via OTAs to consumers. This is why any Android device you buy from Verizon Wireless comes with an NFL app pre-installed, along with several others, including Verizon-specific apps that nag you to try and get you to use their first-party add-on services and consume their paid content. That's not the manufacturer. That's 100% the carrier.

      You may be totally unaware of this because you're lucky enough to have a carrier that does not behave this way, but surely you can at least see the justification why a for-profit company would think this would be a good idea. I'm sure they aren't installing the NFL app on your phone out of reverence for the sport of American football; why, I'd wager the NFL might actually pay them a small amount of money for each phone they sell that ships their app pre-loaded. Similarly, I doubt they merely want to offer you free, ad-free television when they pre-load their Verizon streaming service app on your phone. The probability of their service having both excessive in-app advertisements *and* a monthly subscription fee is approximately 100%. Welcome to capitalism.

    22. Re:How many can get updates from carriers!? by angel'o'sphere · · Score: 0

      If you are using a smartphone that was not manufactured by Apple, and you live in a country where large corporations own and operate the telecommunications infrastructure, especially the United States, UK and Australia, there is a very good chance that your carrier actively tests, modifies, and must approve all operating system software updates being applied to your phone, *before* that software can be rolled out to you.
      Perhaps the carriers demand that, but it makes no sense.
      The software can not interfere with e the ECF (or is it EFC?) certified parts of your phone so regardless what software is on it, it can't interfere with the network of the carrier.

      But back to my original point. It's not "bollocks" because carriers *do* care, very much, about what software manufacturers are deploying via OTAs to consumers.
      Via "OTA" perhaps, what ever that is :D
      But I can simply install any "app" or OS upgrade how ever I want on any carrier I ever was on, regardless of iOS or Android.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  2. Safe? by Anonymous Coward · · Score: 0

    OMFG I bought an iPhone because it's supposed to be safe!!!

    1. Re:Safe? by hcs_$reboot · · Score: 1

      Just apply the update and it'll be safer.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re: Safe? by shitzu · · Score: 3, Interesting

      Well, the fact that an ios vulnerability is newsworthy and android one is not, should tell you which is safer.

    3. Re:Safe? by thesupraman · · Score: 1

      I think you mean it will be less unsafe.

      Clearly 'safe' is an absolute. This is a fix for a known vulnerability.
      You cannot be safer than safe, but you can be less unsafe than having a known vulnerability ;)

      Its almost like no one is magically 'exempt' from such issues, fancy that.

      Still, at least they turned around a patch reasonably quickly. Pity they didnt do so before it was
      major media news..

    4. Re: Safe? by thesupraman · · Score: 0

      I guess you dont read the news much then?

      Android vulnerabilities, even ones that dont actually cause any issue, are trumpeted loudly.

      Want to apply your (broken) logic again? Didnt think so.

    5. Re:Safe? by hcs_$reboot · · Score: 1

      I said "safer" rrrrrr, not "safe".

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    6. Re: Safe? by shitzu · · Score: 2

      You are talking about android specific forums, etc. I am talking about generel non-tech media. I stand by my statement.

    7. Re: Safe? by gustygolf · · Score: 1

      Zero-days that are used in a targetted attack, analysed. *That* is newsworthy.

      Well, slashdotworthy in any case.

      --
      "Slow Down Cowboy! It's been 58 minutes since you last successfully posted a comment" -- slashdot, driving users away.
  3. iOS sucks! by Anonymous Coward · · Score: 5, Funny

    Thank god I use android where such bug fixes will never make it to my phone.

    1. Re: iOS sucks! by Anonymous Coward · · Score: -1

      Thank God you get paid by Apple for posting such comments.

    2. Re: iOS sucks! by Anonymous Coward · · Score: 0

      Question: What kind of idiot would buy an Android-powered phone which isn't a Nexus phone?

    3. Re: iOS sucks! by Anonymous Coward · · Score: 1, Insightful

      Yawn. You really think that Apple, the richest company on the planet, gives two shits about a half-ass, wanna-be tech site like Slashdot?

    4. Re: iOS sucks! by TigerPlish · · Score: 1

      Thank god I use android where such bug fixes will never make it to my phone.

      Ha!

      I don't have modpoints right now and even if I had some I couldn't use 'em if I wanted to, since I've already replied..

      Your post is either +1 Funny or +1 Insightful! It went *whoosh* right over everyone's heads, its seems!

      --
      The "Civilized World" jumped the shark ca. 1973.
    5. Re: iOS sucks! by macs4all · · Score: 5, Insightful

      Question: What kind of idiot would buy an Android-powered phone which isn't a Nexus phone?

      So, what you're saying us that, kind of the supposed strengths of Android, "freedom to pick a phone from any one of several OEMs", actually cones down to "Only pick Nexus if you value Security".

      Thank you for finally confirming that.

    6. Re: iOS sucks! by Anonymous Coward · · Score: 1

      There is often a root option but yes, one needs to be careful when selecting an Android powered device.

      Some positives are choice, price, features, and styles. Proper work can net one a reasonable choice but it is truly simpler to just get an iPhone if one is unable or unwilling to secure their Android.

      There need be no dispute, they are entirely different devices with varied benefits to picking either. Ideally, you will pick the one that best suits your needs.

      I am not supposed to be here. I am in rehab, again. You can guess who this is. Oh, I stopped on the way here to buy a tablet. I bought an iPad. I would have bought a Surface Pro and put Lubuntu on it but I figured the process would suck and I knew I would have limited resources and I am not supposed to be online. They should pick smarter wireless passwords. ;-)

      For reference, I have a Windows phone and am remarkably (surprisingly) happy with it still. My next will have Ubuntu but I will try to swap it to Lubuntu. I don't do much with my phone and right now I do not even have my phone. They took it away. Bastards... I hate Suboxone.

    7. Re: iOS sucks! by Zontar+The+Mindless · · Score: 0

      You really think that $mega_software_co gives two shits about a half-ass, wanna-be tech site like Slashdot?

      They have been known to do so. Why is Apple any different?

      --
      Il n'y a pas de Planet B.
    8. Re: iOS sucks! by Anonymous Coward · · Score: 0

      Except it's true, unless you buy a Nexus. Every other Android on the market rarely if ever gets security patches, much less an actual full version bump. (Nexus user here, and love it! Nougat is quite nice. Will be 2 years before the $20 "smart phone" at the corner store runs it, though.)

    9. Re: iOS sucks! by jafiwam · · Score: 0

      Yawn. You really think that Apple, the richest company on the planet, gives two shits about a half-ass, wanna-be tech site like Slashdot?

      It's used as a marketing mouthpiece by Apple often enough...

    10. Re: iOS sucks! by Plumpaquatsch · · Score: 1

      You really think that $mega_software_co gives two shits about a half-ass, wanna-be tech site like Slashdot?

      They have been known to do so. Why is Apple any different?

      Well, Apple keeps doing many things different than other companies. A lot ofanalysts and journalists keep complaining about it, yet Apple is successful either despite or because of it. Eg they don't go to any of the computer, entertainment and mobile phone trade fairs. When everybody got out of retail, they started the Apple Stores. And they don't give out Technology roadmaps.

      So "Everybody else does it so $this_guy has to do it too" is a particular bad argument in the case of Apple.

      --
      Of course news about a fake are Fake News.
    11. Re: iOS sucks! by Plumpaquatsch · · Score: 1

      Question: What kind of idiot would buy an Android-powered phone which isn't a Nexus phone?

      About 99% of Android buyers. Because for various reasons Google doesn't really want to sell more Nexuses, Nexii or what ever more than one Google Nexus is called.

      --
      Of course news about a fake are Fake News.
    12. Re: iOS sucks! by angel'o'sphere · · Score: 4, Informative

      I only was once in an apple store, but it was an amazing experience.

      That was in Paris close to the Louvre, I forgot my iPad charger at home, so I bought a new Charger and a canle.

      While I was looking through the different chargers and picked what I wanted a lady approached me and aksed if she could help me, and I said, no I have all I want.

      So she said "ah, oki, want to pay in cash or with card?" So I replied "with card", and she said: then you can pay right away here (without me needing to go to the cashier)

      So she took out her iPhone 4, made a photo of my credit card, and asked a seond later: "you have this email adress?"

      "Yes?"

      "Do you want a bill as PDF to that eMail address?"

      "Yes!"

      "And this is credit card is keyed to your iTunes Account?"

      "Yes?"

      "Do you want to be billed via the iTunes Account?"

      "Yes!"

      Actually I should have asked her when she finishes working ... she was about my age but typical french, strict hair in a bunny, dark skin and hair, in a small black dress. Likely with ancestors from north africa.

      Annyway, I avoided the queue at the cashier, payed where I was standing, got a 'real bill' via email ...

      The shop was full with 'servants' like that, probably 30 - 40 people serving customers. In france it is typical that shops have a bit more 'clerks' or workers than in germany ... but that topped every thing I ever have seen before.

      Of course there was a chill out area, with free WiFi etc. too ...

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    13. Re: iOS sucks! by CODiNE · · Score: 1

      You can actually do all that yourself now with their App Store app on your iPhone. They'll let you walk right out without even checking your bag. Someone keeps an eye on the door and they know when you pay with the app. Can ask for a bag if you want. Pretty slick, hope more stores do that in the future.

      --
      Cwm, fjord-bank glyphs vext quiz
    14. Re: iOS sucks! by Anonymous Coward · · Score: 0

      Thank you for finally confirming that.

      Uh, you're welcome, I guess? Not sure why you would trust a "confirmation" from some random Slashdot AC.

    15. Re: iOS sucks! by Zontar+The+Mindless · · Score: 1

      And exactly none of you actually responded to my question, but served handily to reinforce my point. Thanks!

      --
      Il n'y a pas de Planet B.
    16. Re: iOS sucks! by CODiNE · · Score: 2

      Never read your post. Still haven't. That could explain this.

      --
      Cwm, fjord-bank glyphs vext quiz
    17. Re: iOS sucks! by CODiNE · · Score: 1

      I wish Apple cared about sites like this. Have you seen their Mac hardware and pro software lately? Ignoring their technical and pro users is the #1 complaint against Apple these days.

      iOS users diss android for the same reasons Mac users diss Windows. A failure to understand different criteria for choosing computers. Apple doesn't need to pay people to argue online.

      --
      Cwm, fjord-bank glyphs vext quiz
  4. Apple Fights a Loosing Battle by Anonymous Coward · · Score: 0

    To Jail Break not just one iPhone but 1 million iPhones is a battle that Apple Inc. thanks to Timmy Cook has already lost.

    1. Re:Apple Fights a Loosing Battle by Anonymous Coward · · Score: 2, Informative

      How do you confuse lose and loose? You made a very fine comment, but undid it all with that mistake. -1

    2. Re:Apple Fights a Loosing Battle by macs4all · · Score: 1

      To Jail Break not just one iPhone but 1 million iPhones is a battle that Apple Inc. thanks to Timmy Cook has already lost.

      Could you please speak English? Your comment is utterly incomprehensible.

    3. Re: Apple Fights a Loosing Battle by Anonymous Coward · · Score: 0

      Yous just doesn't like what his days.

    4. Re: Apple Fights a Loosing Battle by Anonymous Coward · · Score: 1

      There's typically about 1-4 million jail broken iOS devices, at any one time, depending on version of iOS (based on Cydia Store data). That represents less than 0.5 percent of active iOS devices.

      This was the 5th , maybe 6th, time someone has chained a wireless, "just click on the link and you are done" jailbreak. 3 of the others were made public by Geohot, who later ended up working for Apple, and is currently working on self driving cars on his own project.

      This one was a 3 exploit 0-day chain that is now burned & patched in 9.3.5 and 10.0.0 beta. 9.3.5 is small enough for OTA over cellular, so a high percentage of devices will have it downloaded within 2 weeks, and most of them will be updated. 10 is about to drop, and that will push up the number of patched devices higher. It's not crazy to infer that maybe 80% of devices will be patched within a month of the issue going public.

      The last one(s) that are/is presumed to be the one that Zerodium dropped a million USD on, and some of the shady peers of NSO Group (eg Hacking Team) either have access to this one, or they have their own equivalent. Zerodium has suggested their exploit chain is different from Trident (and it's fair to assume they aren't lying ).

      Apple's usually pretty quick to patch this kind of thing - the first one was slower, but they tend to drop everything for this kind of vulnerability , and have it down to about a week.

      There's likely one, or two chains out there that are in use for HVT attacks, and are not yet public, as they are too valuable .

  5. Apples Fixes Three Zero Days Used In Targeted Atta by Anonymous Coward · · Score: -1

    Apples Fixes Three Zero Days Used In Targeted Attack?

  6. Attacks traced back to Israel by Anonymous Coward · · Score: -1

    Sounds like Israel is condoning terrorism against citizens of Arab nations. This needs to be severely punished by the international community.

    1. Re:Attacks traced back to Israel by Anonymous Coward · · Score: -1

      Jews did 9/11!

    2. Re:Attacks traced back to Israel by Anonymous Coward · · Score: 0

      "This needs to be severely punished by the international community"
      The "international community" creates their own software tools or purchases them from someone else. The international community is a myth just like international law. It's every country for it's self. There are no permanent allies or enemies there are only interests which change over the years. Israel's technology sector comes close matching the US. Their military technologies are regarded as some of the best in the world. The US supports Israel because it provides the leverage they need to dissuade Israel from selling some of it's weapon systems to countries the US identifies as enemies. US drone and missile defense systems contain a lot of Israeli technology.

    3. Re: Attacks traced back to Israel by Anonymous Coward · · Score: 0

      Heh you think that either the UAE or Saudi government had nothing do with this? The hate Isreal part of their rhetoric is only for the consumption of the common people. When it comes to cyber-arms deals they really don't give a damn about it.

    4. Re:Attacks traced back to Israel by Anonymous Coward · · Score: 0

      Dream on.
      Israel can do no wrong. The US and WW2 legacy ensure that they can do whatever they want and no one will ever be able to do anything about it.

  7. but by Anonymous Coward · · Score: 0

    Exactly how long has Apple known about these holes though.
    They maybe zero days to everyone else,Apple could have known about them all the time and left them open on purpose.
    I wouldn't trust Apple or anyone connected with Apple to tell me if I was stood up or laying down..

    1. Re: but by Anonymous Coward · · Score: 0

      Where does trust come into it? You are using a device with a user agreement that specifically excludes consequential damages. Use any electronic internet connected device at your own risk. You think some other company is going to protect you from getting hacked or won't give up your data to the Feds if asked?

    2. Re:but by macs4all · · Score: 1

      Exactly how long has Apple known about these holes though. They maybe zero days to everyone else,Apple could have known about them all the time and left them open on purpose. I wouldn't trust Apple or anyone connected with Apple to tell me if I was stood up or laying down..

      I'm sure that Tim Cook lies awake at night worrying about your opinion.

    3. Re:but by Anonymous Coward · · Score: 0

      who gives a crap about what keeps tim cook awake a night?

    4. Re: but by Anonymous Coward · · Score: 0

      I am completely sure Apple has a mountain of bugs they are sitting on. It's safe to assume they fuzz hundreds or thousands of devices concurrently.

      The hard bit isn't finding crashes, it's triaging them into priority order of ones that are most likely further exploitable .

      It's totally plausible they "knew" about one or more of these and had erred in prioritizing it.

      I am less convinced they are knowingly sitting on a bunch of weaponised 0-days themselves : the vendor stockpiling 0-days is pretty much the same issue as their last bun fight with the FBI, and they clearly are not keen on having a kryptonite stockpile.

      They aren't Oracle (whose moral compass is so fucked up, I'm continually amazed their sales teams can find their cars after a customer call), and we know from their patch /update security notes that Apple credit their internal Red Team on 0-days all the time.

    5. Re: but by Anonymous Coward · · Score: 0

      I thought gobbling big man cock keeps him up at night. I could be wrong, maybe that's why he is grumpy in all those meetings.

  8. iOS 10 v7 by ArtemaOne · · Score: 1

    Also v7 just hit for those in the beta program.

  9. Dupe by Anonymous Coward · · Score: 0

    This news was already reported on Thursday.

    https://apple.slashdot.org/story/16/08/25/1813236/malware-sold-to-governments-helped-them-spy-on-iphones

    Although the news that Apple fixed the 3 vulnerabilities was not in Thursday's summary, it was mentioned in the article, and in the comments.

  10. I think I'll go back to my abacus by Anonymous Coward · · Score: 0

    It's quite resistant to remote hacks.

  11. "Apples" by Anonymous Coward · · Score: -1

    The name of the company is APPLE.

    Editors: WHERE ARE YOU?

    1. Re:"Apples" by GodWasAnAlien · · Score: 1

      "Apples" is the new parent company.
      Subsidiaries are:
      "Idared" - products: I-Phone, I-PAD, ..
      "Macintosh" - Mac products. ...

  12. Costly by Anonymous Coward · · Score: 0

    The awesome thing is that zero days are expensive, and these guys just burned three of them. That isn't endearing them to their supplier, who now needs to work up fresh ones. Lol, suckers!

  13. Israel supporting Arab nations now? by Anonymous Coward · · Score: 0

    Suspicious, Manor forwarded the link to researchers at the University of Toronto's Citizen Lab

    Should be Mansoor not Manor.

    I didn't know that Israel is not supporting UAE government, because I once thought all GCC countries cannot even accept Israelis as tourist in their country. Not even an overfly of Israel registered aircrafts on any GCC member. If that was already removed, then this is good news.

  14. Technical analysis by BlackSabbath · · Score: 4, Funny

    https://info.lookout.com/rs/05...

    1. Re: Technical analysis by Anonymous Coward · · Score: 0

      Lol, the malware installs a service called systemd onto the device.

      Oh the irony.

    2. Re: Technical analysis by WallyL · · Score: 1

      Malwares in the Windows world have been using system service names for ages. Alas, I can't remember any specific names right now, but I remember wondering about errant CPU usage and investigating the executable name and then purging it.