Slashdot Mirror


Apple Says It's Already Fixed Many WikiLeaks Security Issues (usatoday.com)

An anonymous reader quotes a report from USA Today: Apple says many of the vulnerabilities to its devices and software that came to light in WikiLeaks' revelations of CIA cyber weapons were already fixed in its latest updates. Late Tuesday, Apple emailed the following statement to USA TODAY: "Apple is deeply committed to safeguarding our customers' privacy and security. The technology built into today's iPhone represents the best data security available to consumers, and we're constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest OS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates." For its part, Samsung emailed its own statement Wednesday: "Protecting consumers' privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter."

109 comments

  1. Good. by BronsCon · · Score: 3, Interesting

    I'm glad to see positive response across the board, from Apple, Samsung, and I'm sure others. Especially Apple and Samsung, though, as I have many devices from both of them in my home.

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    1. Re:Good. by fustakrakich · · Score: 0, Troll

      "Apple is deeply committed to safeguarding our customers' privacy and security..."

      "Protecting consumers' privacy and the security of our devices is a top priority at Samsung."

      Always with the boilerplate response. Bullshit is the new sublime.

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:Good. by Gr8Apes · · Score: 1

      Having both, I keep my Apple devices updated, and my Samsung devices disconnected from the internet. Why? Because only 1 of my Samsung devices is still supported by Samsung, as most are more than 18 months old and therefore unsupported.

      --
      The cesspool just got a check and balance.
    3. Re:Good. by BronsCon · · Score: 1

      I tend not to keep devices for that long, save for my TV which is going on 6 years now, so that's not really a concern for me. In fact, this is the longest I've kept a cell phone in nearly 2 decades. I won't disagree that it can be an issue for others, though.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    4. Re:Good. by Anonymous Coward · · Score: 0

      I'm glad to see positive response across the board, from Apple, Samsung, and I'm sure others. Especially Apple and Samsung, though, as I have many devices from both of them in my home.

      WikiLeaks needs to release more information. This way Apple can tell us how much more stuff they have already fixed.

    5. Re:Good. by Anonymous Coward · · Score: 0

      I'm glad to see positive response across the board, from Apple, Samsung, and I'm sure others.

      Trust, but verify. Screw it, why would you even trust these companies?

    6. Re:Good. by pushing-robot · · Score: 4, Insightful

      Who cares? A response doesn't have to be original to be appropriate and sincere.

      "My cat died yesterday."
      "Oh, I'm sorry for your loss."
      "You're 'sorry.' Everybody's 'sorry!' What kind of generic bullshit sentiment is that?! Make an effort next time, asshole!"
      "I am no longer sorry."

      --
      How can I believe you when you tell me what I don't want to hear?
    7. Re:Good. by rtb61 · · Score: 3, Insightful

      When Apple are selling privacy as a premium over M$ and the Windows probe, not bullshit any more but a serious full on business principle that will win their market. Privacy is pretty much becoming Apple's most valuable selling point (consider the poor get free and probed again and again and again ad infinitum not right to freedom and the better off pay for and get privacy and they will pay a premium for it ie freedom ain't free nowadays and you have to pay for it, want to be free of the probe prodding and a pounding up there, then you will have to pay and even when you pay in M$'s case ha ha pound your privacy harder).

      There is billions in protecting privacy and make no mistake, you could imagine a company like Apple starting to sue people who invade the privacy of Apple customers via Apple devices (very, very expensive suits as they are also a financial attack on Apple, you can not sell privacy if they steal it from you, and I am talking Apple's privacy that they are selling). Privacy is becoming serious business, really serious business.

      --
      Chaos - everything, everywhere, everywhen
    8. Re:Good. by BronsCon · · Score: 1

      Because the alternative is going off-grid. Just be selective in what you trust them to do and you'll be fine. I fully expected that they, at least these two, would deny, deny, deny; yet here they are admitting the holes existed. Does that mean I trust that they actually patched them? Irrelevant, really, as I'm absolutely positive there are plenty of others, which were not revealed in this recent disclosure and remain unpatched. But no, I do not.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    9. Re:Good. by Anonymous Coward · · Score: 0

      Cool story bro

    10. Re:Good. by Anonymous Coward · · Score: 0

      I'm glad to see positive response across the board, from Apple, Samsung, and I'm sure others. Especially Apple and Samsung, though, as I have many devices from both of them in my home.

      I once had a dream where months of Trump audio recordings were released on the Internet, likely from one or more hacked devices. They would arrive in time to wake people up. That dream, like most crazy dreams, didn't work out so well...

    11. Re:Good. by rakslice · · Score: 1

      Seeing as these companies stop issuing software updates for previous models before (in some cases well before) telcos' scheduled replacements for the last ones they sent to customers come up, it's hard not to read these statements as basically "the security of our customers is such a high priority that we will actually try to ensure it, some of the time, if you're lucky".

    12. Re:Good. by ArmoredDragon · · Score: 1

      Who cares? A response doesn't have to be original to be appropriate and sincere.

      In general, yes, but Samsung has a long, long history of not giving a shit about security on their smartphones even though they always pretend to.

    13. Re:Good. by fustakrakich · · Score: 2

      A response doesn't have to be original to be appropriate and sincere.

      Well, there lies the rub. Why should I believe they are 'sincere' every time they cough up this response when this happens?

      --
      “He’s not deformed, he’s just drunk!”
    14. Re:Good. by Anonymous Coward · · Score: 1

      I think the problem is it isn't sincere. Apple have repeatedly demonstrated that Security is a long way down the list to things they consider more important like usability, convenience and whether or not they have the time or desire to fix a problem.

    15. Re: Good. by Anonymous Coward · · Score: 0

      So you wanted him to be hacked and that data released to the public. I am gonna guess that you feel otherwise about certain other hacking that went on.

    16. Re:Good. by Anonymous Coward · · Score: 0

      Not to mention their lovely smart TV sets that were "accidentally" recording every conversation around them and sending the recordings to some third party for analysis. There is real commitment alright, but it's not for the consumers' protection.

    17. Re:Good. by Gr8Apes · · Score: 1

      It used to not be an issue for me either. However, with the CPU performance bottleneck receding for most of my phone needs, updating a phone has become much less pressing over the past 3 years. At this point the only thing really motivating an update outside of various types of hardware failures including, ahem, dropping your device in a pool or the like.... is lack of updates.

      Note also that AVRs, TVs, BD players, and a host of other devices all desire internet connectivity these days. Mine don't have it, so updates are irrelevant. I prefer to run everything through a single control point, my HTPC, and it's one I pretty much control.

      --
      The cesspool just got a check and balance.
    18. Re:Good. by Anonymous Coward · · Score: 0

      Not to blame the victim or anything, but really... with all the 'features' added to a TV, (advertisements, stations & times watched, recording voices/preferences, etc.), it's a wonder anyone uses these at all. If ANYTHING plug in a different device and use that. Unplug the TV from the net!

    19. Re:Good. by BronsCon · · Score: 1

      I do have my TV on my network; however, it is not a smart TV, it just has a media player feature. It will try to phone home if I tell it to check for updates; however, because I have its MAC blocked at the firewall, it can't. I check manually from time to time and, well, there have been 0 updates in the past 6 years anyway.

      It's also not one of the models with a mic and/or camera, so I feel I'm being just the right level of paranoid; I just don't want it getting an "update" that ends up pwning my network.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    20. Re:Good. by Plumpaquatsch · · Score: 1

      I think the problem is it isn't sincere. Apple have repeatedly demonstrated that Security is a long way down the list to things they consider more important like usability, convenience and whether or not they have the time or desire to fix a problem.

      Yeah, that's why what Apple says after the boilerplate is "While our initial analysis indicates that many of the issues leaked today were already patched in the latest OS, we will continue work to rapidly address any identified vulnerabilities.", while Samsung says "We are aware of the report in question and are urgently looking into the matter."

      Because Apple is not sincere and doesn't really care about security and Samsung is sincere and does care about security.

      --
      Of course news about a fake are Fake News.
  2. And we believe them... by Anonymous Coward · · Score: 1

    why? Because they don't opensource a thing.

    1. Re:And we believe them... by Anonymous Coward · · Score: 0

      apple.com/opensource

    2. Re:And we believe them... by tlhIngan · · Score: 2

      why? Because they don't opensource a thing.

      Because it's testable? The vulnerabilities are known now. You can easily take an iOS device, update it and test to see how many vulnerabilities are fixed and how many are still open.

      And Apple opensources the core - the kernel and low level code is open source. Not that it means it's bug free (Heartbleed anyone? Shellshock?) since many can exist for years before discovery and exploit.

      See the open source stuff for Apple here: https://opensource.apple.com/

    3. Re:And we believe them... by Anonymous Coward · · Score: 0

      Ok modders, which one of you idiots upvoted this comment before fact checking it?

  3. Not Buying It by PeteJanda · · Score: 5, Insightful

    Anyone other than me believe that Apple, Samsung et al. (at a minimum) didn't look the other way before the Wikileaks dump? The OS-level issues really were unknowns for a long enough time that the CIA and other agencies could develop and deploy a playbook for hacking high value targets? What about the other elephant in the room... firmware?

    1. Re: Not Buying It by Anonymous Coward · · Score: 2, Interesting

      CIA et al didn't develop this. They bought them from black hats.

    2. Re:Not Buying It by Anonymous Coward · · Score: 2, Interesting

      According to the Apple announcement, the vulnerabilities were patched prior to the leak, so your insinuation doesn't fit with the facts.

    3. Re:Not Buying It by TheFakeTimCook · · Score: 1

      Anyone other than me believe that Apple, Samsung et al. (at a minimum) didn't look the other way before the Wikileaks dump?

      Nope.

      Just you.

    4. Re:Not Buying It by Anonymous Coward · · Score: 0

      Nope, anyone who isn't a mindless Apple fanboy like you believes it.

    5. Re:Not Buying It by fustakrakich · · Score: 1

      According to the Apple announcement, the vulnerabilities were patched prior to the leak... What 'facts' are you talking about?

      --
      “He’s not deformed, he’s just drunk!”
    6. Re: Not Buying It by Anonymous Coward · · Score: 1

      They came from different sources. Some in-house; some from private companies; some from collected exploits from other intelligence agencies; and some collected from foreign intelligence sources.

    7. Re:Not Buying It by Anonymous Coward · · Score: 0

      Perhaps, the only reason the information was leaked in the first place is because 'those' vulnerabilities have been fixed and there's no value to them anymore.

    8. Re:Not Buying It by Anonymous Coward · · Score: 1

      > What about the other elephant in the room... firmware?

      I honestly wonder if Intel's IME & AMD's equivalent wasn't designed by the government. Hmm, so you have a processor on my processor that's totally a black box and it can control the entire machine? Who here doesn't believe they own that thing completely?

    9. Re:Not Buying It by larkost · · Score: 3, Insightful

      That would be pretty silly for Apple, since now anyone who cares to download and figure out the exploits can test them for themselves. Someone checking them on this would be easy, and a huge black eye for Apple. You really are off into conspiracy theory territory.

    10. Re:Not Buying It by Anonymous Coward · · Score: 0

      If they are in bed with the NSA I don't know why they wouldn't also be in bed with the CIA...

    11. Re:Not Buying It by AHuxley · · Score: 1

      The crypto held as so many smart people around the world use it and international conferences have faith in quality crypto.
      Re "The OS-level issues really were unknowns for a long enough time that the CIA and other agencies could develop and deploy a playbook for hacking high value targets? What about the other elephant in the room... firmware?"
      The trendy device is the "elephant in the room". Interesting people want to carry and be seen with a US designed device. A powered device with a mic, camera, gps, video and text to collect with.
      The way in is the OS, software and hardware. The user creates a message, the CIA gets a copy. The user gets a message, the CIA gets a copy.
      The crypto protected the message but the end points fail due to hardware and OS design?
      Why would any brand be that sloppy and allow an OS to copy and send out data acting as such malware given all the past malware efforts?
      Over time different groups found the same issues in the wild and over the years everything got more secure.
      Yet the CIA stays in? Would the CIA risk ever losing an interesting person given random OS upgrades and what internal and external efforts might have found?
      The next question is why was the CIA not seen in the hardware, software extracting copies of data and having that data sent out.
      That's a lot of new data usage and some extra code to find. Why is no "app" or the OS or telco looking for such changes in closed hardware and software?
      How has that been hidden?
      The telco gets a police setting and fails to report the extra data usage?
      A police setting helps hide such code for law enforcement globally and the CIA gets to stay in deep with the same methods?
      Big US brands don't have a complex production line for every nation, so police access has to be granted globally or devices won't get sold in a lot of nations under their national telco laws.

      --
      Domestic spying is now "Benign Information Gathering"
    12. Re: Not Buying It by Anonymous Coward · · Score: 0

      This is part one of seven dumps coming. Get me some popcorn.

    13. Re:Not Buying It by Anonymous Coward · · Score: 0

      O come on, unless you are an utter 'hater' what makes you believe otherwise? Think about it. There is now sufficient information for others to simulate the exploits & though I haven't looked around I presume you can get the tools to check for the exploits yourself. There are tonnes of independent security researchers out there that can replicate these exploits and test the veracity of Apple's statement. What then could it benefit Apple if they haven't actually fixed 'many of the vulnerabilities' (note not ALL so they do leave open the possibility they still have to fix some) but say they have? Think about it. In a couple of weeks we'll have security researchers reporting on these vulnerabilities, their applicability, how easy/hard they are to exploit etc AND whether or not they still exist in the 'latest iOS versions' that supposedly 80% of Apple's customers have...if they are lying they'll be caught soon enough.

      I owned 1 Apple product in my life (an iPad) and I gave it away. I'm 53, been in the 'technology biz' since I was 18. I have no love of Apple, MS or other behemoths. I keep a healthy dose of skepticism but I also use my brain...something I suggest you try some time.

    14. Re:Not Buying It by Anonymous Coward · · Score: 0, Informative

      What incentive would they have to do so? This is stupid. Apple and Samsung want their systems to be secure. If the CIA can find the exploits so can anyone else.

      The Wikileaks dump, as usual, was more hype than substance. It's just a dump of run-of-the-mill exploit info/research/implementation notes that you would expect the CIA to have. This is literally their mission.

      The only thing of note is that it was leaked to Wikileaks. The who and the why are the real story. If anything about the exploit dump is shocking to you, you're an idiot.

      You want a conspiracy theory? Here's one that doesn't fit your narrative-

      It's fairly obvious team Trump were in contact with Russian security services. We knew this before the election and more revelations keep dripping out every week anyway. - The motive? Same game they've been up to for the past half-decade. Stir up political shit in western nations to make them weaker. Trump is the master shit-disturber, for obvious reasons. They didn't even care if Trump won.

      Fast forward to recent events - CIA knows what was going on because it's their fucking job. Russia is getting skittish because the truth lends credibility to the idea that they're running organized propaganda/disinfo programs supporting radical far-right media and political groups. The Trump administration knows the CIA knows. Russia knows the Trump administration knows the CIA knows.

      Sooo.. Wikileaks, which is known to happily re-publish leaks from Russian intelligence operations (it's their job to publish all interesting leaks really), makes yet another wonderfully timely release that affects a US entity that is causing the Russians trouble right now.

      It's all a giant clusterfuck heading for disaster and everyone is trying to mitigate the incoming fallout. (Russia's been busy offing and vanishing spooks that were in charge of feeding team Trump helpful hints and info and directing far-right media efforts in the US)

    15. Re:Not Buying It by TheFakeTimCook · · Score: 1

      Perhaps, the only reason the information was leaked in the first place is because 'those' vulnerabilities have been fixed and there's no value to them anymore.

      So now WIKILEAKS is part of the Conspiracy?!?!?

    16. Re:Not Buying It by Anonymous Coward · · Score: 0

      Here's tech Trump supporter logic. Apple is for "cucks", "cucks" are "liberals"/"leftists". Trump distrusts the intel community now. WL dump is used to make the intel community look bad and untrustworthy, that narrative being pushed along by Trump supporters and the propaganda crew who are trying to paint them as rogue and using all of these tools against everyone. Since Apple isn't seen as on team Trump in their eyes, they spread propaganda that Apple lies and is actually in bed with the intel community. They leave out whatever OS and devices they use from these allegations. Apparently Android is fine with Trump supporters, no "cucks" use those, so everyone can trust those phones, the manufacturers, and Google, but not Apple!

    17. Re:Not Buying It by UnknowingFool · · Score: 1

      You mean a company whose reputation is under intense criticism all the time like Apple would never patch holes they know about. Have you thought about what you just said? Granted Apple might not be the best at finding holes or transparent about them; that does not mean they don't try to patch them when they find out about them.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    18. Re:Not Buying It by UnknowingFool · · Score: 1

      How old is the information from WikiLeaks? Your assumption is that all the information is current and not older. My analysis of the WikiLeaks dump is that the information starts from 2014.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
  4. Now companies need spies in the CIA/FBI by yorgasor · · Score: 3, Interesting

    Since the CIA & FBI are keeping the vulnerabilities they find secret, these companies just need to start planting spies in the CIA & FBI to find out what bugs they have on their software.

    --
    Looking for a computer support specialist for your small business? Check out
    1. Re: Now companies need spies in the CIA/FBI by Anonymous Coward · · Score: 0

      Yeah, and then thrown in prison for espionage. Great idea!

      More likely, the inside CIA guys at Apple would find him out, anyway.

  5. Nope by Anonymous Coward · · Score: 0

    "...The technology built into today's iPhone represents the best data security available to consumers".

    TrueCrypt FDE on a laptop stored in a safe.

    1. Re: Nope by Anonymous Coward · · Score: 1

      I think you're on the wrong side of the usability/security tradeoff for most people.

      If you read it "of the technologies available to most people, an IOS device is the most secure", it's probably true.

    2. Re: Nope by BronsCon · · Score: 1

      TrueCrypt is available to most people; it is free and not too difficult to set up. A safe can be had for $100 or less. If you can afford an iPhone, you can afford a laptop and a safe. Affording TrueCrypt is a given, as it's free. That's not where that AC's argument falls apart.

      That argument falls apart when you realize that TrueCrypt hasn't been under active development in quite some time and has, in fact, been abandoned by its developers with a warning that it may be vulnerable. Coupled with the fact that even the most expensive of safes are trivial to crack when compared to decent full disk encryption, which renders the entire "safe" point meaningless as well.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    3. Re: Nope by Anonymous Coward · · Score: 0

      Any safe can be cracked.

      The purpose of placing the laptop in a safe is for tamper evidence -- ie. detecting an "evil maid"-style attack.

    4. Re:Nope by 93+Escort+Wagon · · Score: 3, Funny

      TrueCrypt FDE on a laptop stored in a safe.

      ... encased in cement sitting on Mars.

      --
      #DeleteChrome
    5. Re: Nope by BronsCon · · Score: 1

      Assuming the safe was cracked, and not destructively broken into, such detection is not reliable. Crack the safe, extract the contents, copy the data, replace the contents, re-lock the safe, and turn the dial back to its original position.

      It might not be the simplest of operations for some safes but, again, it's trivial in comparison to cracking decent encryption. If you can crack the encryption, the safe will barely slow you down; if you can't, then I don't care if you have a copy of the encrypted data. The safe is pointless.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    6. Re: Nope by johnsie · · Score: 1

      Blackberry is more secure than IOS and always has been. Also, less apps in the ecosystem adds an extra level of security.

    7. Re: Nope by Wulf2k · · Score: 1

      What if I can't crack the encryption but I am capable of slipping in something to log your keystrokes?

    8. Re: Nope by Anonymous Coward · · Score: 0

      I agree. Even their Android phones are hardened with hardware checks at several points in the boot process to ensure against jailbreaks.

    9. Re: Nope by BronsCon · · Score: 1

      Then the laptop is still no less secure than the iPhone, to which that can also be done.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  6. "Legitimate documents" by Anonymous Coward · · Score: 1

    I guess that answers whether the leaks were legitimate. The first spate of news after the leaks tried to paint a "if you've done nothing wrong" picture and adding speculation on if it was even legit.

    And, of course, the "if you've done nothing wrong, you have nothing to hide" argument is complete BS when it comes to privacy issues.

  7. Wikileaks is a WINNER by Anonymous Coward · · Score: 0

    And already this leak provides benefits to end-users. The more of these leaks that occur, the more the news reports them, the more people that don't have a CLUE about security will at least ask 'how secure is this device', they may not understand the answer but the market will decide & us 'geeks' are the ones that must push that market by clearly explaining which products are the 'best', which companies take security as a 'tier 1' feature of their products etc.

    Push comes to shove, whether any of the information in these leaks is currently 'valid' (for various values of 'valid') doesn't matter. It's back in the spotlight again & that will help society overall as vendors' feet are held to the fire. Seriously, regular consumers may have 0 clue as to the probability of the CIA 'hacking their car', but the fact it's out there as a possibility discussed by the CIA as an option will hopefully make consumers aware of the security issues involved in buying vehicles that nobody actually vets for security.

    At least we can hope.

  8. Keep an eye out for Unlocked Phones by SeattleLawGuy · · Score: 3, Informative

    I'm glad to see positive response across the board, from Apple, Samsung, and I'm sure others. Especially Apple and Samsung, though, as I have many devices from both of them in my home.

    Keep an eye out for updates on "Unlocked" Phones that have switched networks. For some insane reason phones are marketed as "unlocked" when they can be used on another carrier's network, but *the security updates don't work* if you use them on the other network. These should probably be considered unmarketable and therefore not unlocked--and there should be a convenient way to pull signed security updates from the manufacturer instead of the carrier. Samsung and Apple issuing patches doesn't help if Verizon and AT&T fail to talk to each other enough for users on both networks to get the security updates, regardless of who originally installed a given phone's O/S.

    --
    Real lawyers write in C++
    1. Re:Keep an eye out for Unlocked Phones by BronsCon · · Score: 2

      You can often get updates direct from the manufacturer for Android phones; you just don't get them OTA. Even if not made generally available, they're more than happy to supply them to you if you call in and tell them you've managed to brick your firmware and need a factory image to restore from. Thus far, I've been able to get them one way or another from Motorola (both pre- and post-acquisition), HTC, LG, and Samsung. I haven't yet not been able to get updates directly from a manufacturer.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    2. Re:Keep an eye out for Unlocked Phones by lokedhs · · Score: 1

      I've heard about software updates being pushed by the carrier instead of the vendor, but my understanding is that this is something that is strictly limited to the US market. In the rest of the world things work the way they are supposed to.

    3. Re:Keep an eye out for Unlocked Phones by santiago · · Score: 1

      Updates for iPhones come direct from Apple. There's no gating by carrier, because Apple had the clout to tell the carriers to shove it when it came to customizing it with their particular crapware.

    4. Re:Keep an eye out for Unlocked Phones by cstacy · · Score: 1

      Updates for iPhones come direct from Apple. There's no gating by carrier, because Apple had the clout to tell the carriers to shove it when it came to customizing it with their particular crapware.

      It's called a "cloud", not a "clout".
      Use a spellchecker, dude!

    5. Re:Keep an eye out for Unlocked Phones by benjymouse · · Score: 2

      Updates for iPhones come direct from Apple. There's no gating by carrier, because Apple had the clout to tell the carriers to shove it when it came to customizing it with their particular crapware.

      It's called a "cloud", not a "clout".
      Use a spellchecker, dude!

      From https://www.vocabulary.com/dictionary/clout

      clout
      When you speak of someone having clout, it usually means that they communicate a sense of power or influence, particularly in the political sense. "You’ll wanna talk to that big guy over there if you want me to let you in. He’s got clout."

      Use a dictionary, dude!

      --
      Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
    6. Re:Keep an eye out for Unlocked Phones by thegarbz · · Score: 1

      What's a locked phone? Is that an American thing? I thought the entire world abolished carrier locking in the 90s.

    7. Re:Keep an eye out for Unlocked Phones by Anonymous Coward · · Score: 0

      Are you an idiot?

      Because you just made yourself look like an idiot.

    8. Re:Keep an eye out for Unlocked Phones by Anonymous Coward · · Score: 0

      You're an American, I take it. That's some education system you have over there.

    9. Re: Keep an eye out for Unlocked Phones by Anonymous Coward · · Score: 0

      I dunno what shitty system do you have in USA? Here I just put my iPhone and Samsung phone on my wifi and they download updates from Apple and Google. Sometimes even from Samsung... srsly buy directly from manufacturers...

    10. Re:Keep an eye out for Unlocked Phones by cstacy · · Score: 1

      AC's apparently too dumb to get jokes,
      probably due to living in a country with a poor education system...

      I recommend that you continue to post as AC for the sake of your reputation

      sigh

    11. Re:Keep an eye out for Unlocked Phones by Plumpaquatsch · · Score: 1

      AC's apparently too dumb to get jokes, probably due to living in a country with a poor education system...

      I recommend that you continue to post as AC for the sake of your reputation

      sigh

      Wait, the "joke" was that somebody only pretended to be uneducated, and to an American being uneducated is funny. Yeah, that explains a lot.

      --
      Of course news about a fake are Fake News.
  9. Key word: Many by hackwrench · · Score: 0

    Many issues were patched. That isn't the same as all. And only recently? Why weren't they found and patched sooner and not conveniently just before they were to become widely known?

    1. Re:Key word: Many by BronsCon · · Score: 1

      They weren't patched before they were known because they weren't yet known. They haven't all been patched yet because they've only been known for a handful of days and patches don't write themselves just because you know about the vulnerabilities. Patching any non-trivial issue without introducing other non-trivial issues takes time.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    2. Re:Key word: Many by hackwrench · · Score: 1

      So why was the timing between when they became known to Apple and when they were revealed to the wider audience in such a manner so short? I believe in coincidence; coincidences happen every day. I just don't trust coincidences.

    3. Re:Key word: Many by BronsCon · · Score: 1

      It's quite possible that someone within WikiLeaks disclosed them privately before disclosing them publicly. That would have been the responsible thing to do.

      It's also possible that the CIA leaked the documents themselves after a number of the vulnerabilities had already been discovered. I find this less likely, as there were many vulnerabilities disclosed which have not yet been patched.

      Those, of course, are only two possibilities; both of which are pure speculation.

      That said, Apple has known about the gaping hole that is hot code pushing for years now and only decided to enforce their already existing rules against it very recently, so it could also be complete incompetence on the part of the vendor.

      At any rate, when we've seen that products from all vendors are equally vulnerable, does it really matter who we buy from? I'd say it does not and there's no point in arguing that one is more secure than another now that we've been shown that this simply is not the case.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    4. Re:Key word: Many by Cute+Fuzzy+Bunny · · Score: 1

      So you're saying we have known knowns, unknown knowns, and known unknowns?

    5. Re:Key word: Many by BronsCon · · Score: 1

      Yeah, more or less. Same as ever.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    6. Re:Key word: Many by tinkerton · · Score: 1

      I can think of more possibilities: the zero day bugs were already discovered independently and were already fixed when the CIA leaks were published.
      Less likely, Apple had agreed to delay fixing some bugs. More likely, Apple knew there were some zero day bugs the CIA was making use of but did not know which ones, and was not trying to find out.

  10. Re:Tipped off? by hackwrench · · Score: 1

    Which could have been just after they were tipped off that they were going to be leaked.

  11. What is Ghidra and why is it on Apple.net ? by Anonymous Coward · · Score: 0

    I'm more interested in this page: https://wikileaks.org/ciav7p1/cms/page_23593064.html

    To me this seems to advise people working for the CIA to connect to apple.net (Apple) via CIFS (SMB share) and download some package.

    Which would then suggest that Apple has a backdoor entrance for their friends at the CIA. HUH?!

    There's more mention of that towerpower.apple.net host at https://wikileaks.org/ciav7p1/cms/page_38633491.html where they connect to get updates for their OS X just like normal OS X users would through other Apple servers.

  12. Apple are lying by Anonymous Coward · · Score: 0

    They have repeatedly in the past ignored critical security flaws for up to a year, even when being bombarded with trivial solutions to it from renowned security experts. Apple will leave security holes open as long as NSA/CIA/whoever makes that decision, tells them to.

    1. Re: Apple are lying by Anonymous Coward · · Score: 0

      Really? Care to provide 2 or more examples of Apple ignoring a known flaw for over a year? For this purpose, let's say 'known flaw' == 'has a CVE number'. I'll be honestly surprised if you can.

    2. Re: Apple are lying by Cute+Fuzzy+Bunny · · Score: 2

      Ok.

      Apple doesn't fix known exploit for 3 years:
      http://www.cultofmac.com/13261... /got bored and didn't read the other 3 million search hits.

    3. Re: Apple are lying by AHuxley · · Score: 1

      Another one was 14 mins in
      https://www.youtube.com/watch?...

      --
      Domestic spying is now "Benign Information Gathering"
  13. The difference by SuperKendall · · Score: 4, Insightful

    Apple is actually capable of making things relatively secure and makes choices that are unpopular but increase security (walled garden, deep restrictions on app access to platform, signing Mac apps required by default). They are looking out for people who truly cannot and will not understand security around technical devices.

    Samsung meanwhile may talk a good security game, but they put out truly half-assed effort with a billion exploit channels. How about TV's that can record audio and have full android installations to exploit? They put zero thought in how to handle the security implications of this system (to be fair, Amazon and Google are not far behind with Alexa like devices). Samsung and other companies consider user convenience first and security second - if at all.

    As for the rest of your absurd anti-Trump fantasy - Russia expected Hillary to win too. The only reason they gathered so much from the DNC was so that they'd have dirt to hold over on Hillary!

    Trump had zero to do with Russian hacks, I would love to hear your frothing rabid explanation for how exactly Russia "hacked the election". After all, all the hackers ever did was show us what Hillary and the rest of the elite DNC members said and did when people were not looking. Hillary lost because she is even more Hillary than people thought, not because Russia.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:The difference by BronsCon · · Score: 1

      Samsung meanwhile may talk a good security game, but they put out truly half-assed effort with a billion exploit channels. How about TV's that can record audio and have full android installations to exploit?

      Samsung's phones, at least those with Knox, are DoD approved for government communications. Just sayin'.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    2. Re:The difference by Anonymous Coward · · Score: 1

      Lol my Anti-trump fantasy is tweeting dumb shit from the oval office every week. That man is his own worst enemy. Trump getting in to office was the accident and we're now in the consequences phase.

      At what point did I suggest Russia hacked the election? This isn't about the election. That's your hangup. Your desperate rationalization to prove to yourself that "leftists" are all frothing morons and that things aren't as bad as they seem.

      This is about how team Trump's squad of losers almost certainly played hanky panky with Russian security services, and how it's going to be one of the elements that brings the administration down. They didn't do it because it's some grand conspiracy. They did it because they're clueless and easily manipulated.

      Trump badmouthing the CIA, and the CIA leaks happening at the same time are no coincidence. Trump listens to his advisers because, when it comes down to it, he's little more than a personality. His advisers are shitting bricks and telling him that the bad ol CIA has it out for him. Russia directs CIA infodump leak to help discredit the CIA.

      Russia just wants to wash their hands of the mess and provide plausible deniability. Kicking the CIA while they're down is also a natural goal considering what the CIA does.

    3. Re:The difference by Uberbah · · Score: 1

      Apple is actually capable of making things relatively secure and makes choices that are unpopular but increase security (walled garden, deep restrictions on app access to platform, signing Mac apps required by default). They are looking out for people who truly cannot and will not understand security around technical devices.

      Or, more simply: with Apple, you are the consumer. With Samsung or any other Android manufacturer, the user is the product for Google's advertising and data mining businesses.

      Trump had zero to do with Russian hacks, I would love to hear your frothing rabid explanation for how exactly Russia "hacked the election".

      The entire Trump/Russia storyline is nothing more than the Birthering of the Democrats: people willing to believe the most pathetic bullshit if it undermines someone from the opposing party they don't like. That was true before this morning, but after this morning's Wikileaks dump - including a tidbit that the CIA can "fake" cyber attacks as coming from Russia - anyone who mindlessly repeats the Trump/Russia conspiracy theory isn't smart enough to handle their life savings, and send it to me, now. I'm a Nigerian prince after all, which means I know how to handle money....

    4. Re:The difference by Anonymous Coward · · Score: 0

      This "Democrat Birthering" has done in one Trump cabinet member and is about to do in another. (The code phrase for 'you're fucked' in politics is "complete confidence") - Both of which were part of team Trump's election crew.

      They didn't steal the election. They got help from Russian security services during the election and are currently being caught lying about it. - Funny how it's never the crime, but being caught lying about it?

      Someone knows about it. They're knocking over Trump's close allies one by one, isolating Trump until the man in his isolated paranoia does something dumb enough to force Congress to get rid of him. - And let's face it. Trump's not a particularly smart politician. He watches Cable news and then tweets about it.. Directly. Without really asking anyone to, you know, check it out first. That's what the Obama wire tapping thing was about this weekend.

      That's an OK thing for your uncle Ted to do. Not the President. It's really only a matter of time.

    5. Re:The difference by thegarbz · · Score: 1

      They are looking out for people

      They achieve security, but don't pretend for a moment that the above ways of doing it are "looking out for people". They look out for people's wallets, but that's where their interest with people ends.

      Walled garden while adding security is not because of security, and the same can be said for your other points.

    6. Re:The difference by Anonymous Coward · · Score: 0

      There's one critical difference between the birther bullshit and this:

      Obama was born in Hawaii. It was a complete fabrication.

      The Drumpf people REALLY DID TALK TO THE FUCKING RUSSIANS. There's really no question that it happened.

    7. Re:The difference by SuperKendall · · Score: 1

      Samsung's phones, at least those with Knox, are DoD approved for government communications. Just sayin'.

      You mean the same government that just had a giant dump of classified NSA stuff leaked? HMMMMM. They sure do know security!

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    8. Re:The difference by BronsCon · · Score: 1

      Considering that what was leaked was, quite literally, primarily a list of vulnerabilities, I'd say they do. Of course, with all these unpatched and in-use vulns, one of them was bound to be used to exfiltrate data. The DoD wouldn't have approved it for classified communications if they had known unpatched vulnerabilities.

      That said, Google did recently identify a vuln in the ASLR used by Knox, which Samsung is working on fixing. There's not a whole lot you can do with it on the typical non-rooted Samsung phone, though, as one would require escalated privileges to be able to overwrite kernel or application RAM to inject their malware in the first place.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  14. You forgot one possibility by hackwrench · · Score: 1

    The CIA got wind of the fact that WikiLeaks were going to do the release and tipped off the manufacturers to reduce the amount of anything to see here.

    1. Re:You forgot one possibility by Anonymous Coward · · Score: 0

      Extraordinary claims require extraordinary evidence.

    2. Re:You forgot one possibility by BronsCon · · Score: 1

      I didn't "forget" any possibilities, nor did I fail to list just "one"; there are many, many more than just three possibilities. I plainly stated that I was only providing two possibilities, I never said they were the only two.

      Come on, I know you can read and comprehend better than that; I've seen you follow a conversation here before.

      Nice bit of speculation, though.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    3. Re:You forgot one possibility by hackwrench · · Score: 1

      I can, but I find it slows me down to getting to some more entertaining stuff. I even have a saying for my and others' failure to do so. Learning when to read. I know how to read, just need more practice on learning when to read sometimes, though just because I have skimmed something when someone else expresses a sentiment that I should have paid closer attention doesn't mean that either one of us would have gotten to more entertaining fare had I paid more attention.

    4. Re:You forgot one possibility by BronsCon · · Score: 1

      Did you get to more entertaining fare by skimming my comment, though? It doesn't seem so.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    5. Re:You forgot one possibility by hackwrench · · Score: 1

      I got to stating my possibility faster, which was the entertainment I most wanted to get to at the time.

  15. IF by hduff · · Score: 1

    IF they were deeply committed, they would have fixed them all by now.

    --
    "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
    1. Re:IF by Anonymous Coward · · Score: 0

      They fixed them in 1 day? Either they knew about them already or they are BS'ng us. 1 day. I seriously doubt that was tested coded and fixed that fast. It is 'maybe possible' but smells like bullshit. Just not sure if it is skunk shit or cow shit. It just smells.

    2. Re:IF by Cute+Fuzzy+Bunny · · Score: 1

      If they were deeply committed, well, they wouldn't be able to fix code while in a straitjacket and heavy meds.

      If they were really deeply committed, they'd write code without security holes in it.

  16. And I'm here to tell you that most are not fixed by Anonymous Coward · · Score: 0

    Just so you know.

  17. Re:Extraordinary by hackwrench · · Score: 1

    Fine. I hereby declare all claims ordinary. You're welcome. The point being is, what makes something extraordinary, both in claims and evidence. Investigating and monitoring ordinary people? "Extraordinary!"

  18. Re:And I'm here to tell you that most are not fixe by Anonymous Coward · · Score: 0

    I'd even venture to say the next few "patches" will be installing completely different yet similar "security holes". Just as soon as the CIA has been trained to use them.

  19. Pointless subject line that I don't need by Cute+Fuzzy+Bunny · · Score: 1

    Isn't it sort of a fact that the security holes haven't even been fully sorted out yet?

  20. Fix Tor Browser by Anonymous Coward · · Score: 0

    Dear Wikileaks, ever thought about looking at other agencies? I don't like child porn either, but I also don't like the thought of dictatorship governments killing people for free speech. I'm sure a few members could appreciate the concern. Help the Tor team fix this. The FBI has literally dropped child porn cases just to protect the vulnerability existence. This is wrong. They also run most of those websites to trap people. If they are really that against it, how about not being the main supplier?

    1. Re:Fix Tor Browser by Anonymous Coward · · Score: 0

      Tor, not just Tor browser, has an intentional weakness. Ever wonder why those pesky ads running javascript in the background can't be disabled? Disable the ad networks within tor and it will be safer. Some ads have exploits, have embedded malware.

  21. Amazing... by Anonymous Coward · · Score: 0

    It's almost like they knew about them and had fixes already in storage for those there exploits!!! Genius?? Nefarious?? You decide!!!

  22. That's exactly right by SuperKendall · · Score: 1

    I was just thinking the other day, the insanity of this Russia stuff is just like those idiots that kept claiming Obama was not born in the U.S.

    Great comparison.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley