Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Says It's Already Fixed Many WikiLeaks Security Issues (usatoday.com)

Posted by BeauHD on from the one-step-ahead-of-you dept.

An anonymous reader quotes a report from USA Today: Apple says many of the vulnerabilities to its devices and software that came to light in WikiLeaks' revelations of CIA cyber weapons were already fixed in its latest updates. Late Tuesday, Apple emailed the following statement to USA TODAY: "Apple is deeply committed to safeguarding our customers' privacy and security. The technology built into today's iPhone represents the best data security available to consumers, and we're constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest OS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates." For its part, Samsung emailed its own statement Wednesday: "Protecting consumers' privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter."

16 of 109 comments (clear)

  1. Good. by BronsCon · · Score: 3, Interesting

    I'm glad to see positive response across the board, from Apple, Samsung, and I'm sure others. Especially Apple and Samsung, though, as I have many devices from both of them in my home.

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    1. Re:Good. by pushing-robot · · Score: 4, Insightful

      Who cares? A response doesn't have to be original to be appropriate and sincere.

      "My cat died yesterday."
      "Oh, I'm sorry for your loss."
      "You're 'sorry.' Everybody's 'sorry!' What kind of generic bullshit sentiment is that?! Make an effort next time, asshole!"
      "I am no longer sorry."

      --
      How can I believe you when you tell me what I don't want to hear?
    2. Re:Good. by rtb61 · · Score: 3, Insightful

      When Apple are selling privacy as a premium over M$ and the Windows probe, not bullshit any more but a serious full on business principle that will win the their market. Privacy is pretty much becoming Apple's most valuable selling point (consider the poor get free and probed again and again and again ad infinitum not right to freedom and the better off pay for and get privacy and they will pay a premium for it ie freedom ain't free nowadays and you have to pay for it, want to be free of the probe prodding and a pounding up there, then you will have to pay and even when you pay in M$s case ha ha pound your privacy harder).

      There is billions in protecting privacy and make no mistake, you could imagine a company like Apple starting to sue people who invade the privacy of Apple customers via Apple devices (very, very expensive suits as they are also a financial attack on Apple, you can not sell privacy if they steal it from you, and I am talking Apples privacy that they are selling). Privacy is becoming serious business, really serious business.

      --
      Chaos - everything, everywhere, everywhen
    3. Re:Good. by fustakrakich · · Score: 2

      A response doesn't have to be original to be appropriate and sincere.

      Well, there lies the rub. Why should I believe they are 'sincere' every time they cough up this response when this happens?

      --
      “He’s not deformed, he’s just drunk!”
  2. Not Buying It by PeteJanda · · Score: 5, Insightful

    Anyone other than me believe that Apple, Samsung et al. (at a minimum) didn't look the other way before the Wikileaks dump? The OS-level issues really were unknowns for a long enough time that the CIA and other agencies could develop and deploy a playbook for hacking high value targets? What about the other elephant in the room... firmware?

    1. Re: Not Buying It by Anonymous Coward · · Score: 2, Interesting

      CIA et al didn't develop this. They bought them from black hats.

    2. Re:Not Buying It by Anonymous Coward · · Score: 2, Interesting

      According to the Apple announcement, the vulnerabilities were patched prior to the leak, so your insinuation doesn't fit with the facts.

    3. Re:Not Buying It by larkost · · Score: 3, Insightful

      That would be pretty silly for Apple, since now anyone who cares to download and figure out the exploits can test them for themselves. Someone checking them on this would be easy, and a huge black eye for Apple. You really are off into conspiracy theory territory.

  3. Now companies need spies in the CIA/FBI by yorgasor · · Score: 3, Interesting

    Since the CIA & FBI are keeping the vulnerabilities they find secret, these companies just need to start planting spies in the CIA & FBI to find out what bugs they have on their software.

    --
    Looking for a computer support specialist for your small business? Check out
  4. Re:Nope by 93+Escort+Wagon · · Score: 3, Funny

    TrueCrypt FDE on a laptop stored in a safe.

    ... encased in cement sitting on Mars.

    --
    #DeleteChrome
  5. Keep an eye out for Unlocked Phones by SeattleLawGuy · · Score: 3, Informative

    I'm glad to see positive response across the board, from Apple, Samsung, and I'm sure others. Especially Apple and Samsung, though, as I have many devices from both of them in my home.

    Keep an eye out for updates on "Unlocked" Phones that have switched networks. For some insane reason phones are marketed as "unlocked" when they can be used on another carrier's network, but *the security updates don't work* if you use them on the other network. These should probably be considered unmarketable and therefore not unlocked--and there should be a convenient way to pull signed security updates from the manufacturer instead of the carrier. Samsung and Apple issuing patches doesn't help if Verizon and AT&T fail to talk to each other enough for users on both networks to get the security updates, regardless of who originally installed a given phone's O/S.

    --
    Real lawyers write in C++
    1. Re:Keep an eye out for Unlocked Phones by BronsCon · · Score: 2

      You can often get updates direct from the manufacturer for Android phones; you just don't get them OTA. Even if not made generally available, they're more than happy to supply them to you if you call in and tell them you've managed to brick your firmware and need a factory image to restore from. thus far, I've been able to get them one way or another from Motorola (both pre- and post-acquisition), HTC, LG, and Samsung. I haven't yet not been able to get updates directly from a manufacturer.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    2. Re:Keep an eye out for Unlocked Phones by benjymouse · · Score: 2

      Updates for iPhones come direct from Apple. There's no gating by carrier, because Apple had the clout to tell the carriers to shove it when it came to customizing it with their particular crapware.

      It's called a "cloud", not a "clout".
      Use a spellchecker, dude!

      From https://www.vocabulary.com/dictionary/clout

      clout
      When you speak of someone having clout, it usually means that they communicate a sense of power or influence, particularly in the political sense. "You’ll wanna talk to that big guy over there if you want me to let you in. He’s got clout."

      Use a dictionary, dude!

      --
      Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  6. Re:And we believe them... by tlhIngan · · Score: 2

    why? Because they don't opensource a thing.

    Because it's testable? The vulnerabilities are known now. You can easily take an iOS device, update it and test to see how many vulnerabilities are fixed and how many are still open.

    And Apple opensources the core - the kernel and low level code is open source. Not that it means it's bug free (Heartbleed anyone? Shellshock?) since many can exist for years before discovery and exploit.

    See the open source stuff for Apple here: https://opensource.apple.com/

  7. The difference by SuperKendall · · Score: 4, Insightful

    Apple is actually capable of making things relatively secure and makes choices that are unpopular but increase security (walled garden, deep restrictions on app access to platform, signing Mac apps required by default). They are looking out for people who truly cannot and will not understand security around technical devices.

    Samsung meanwhile may talk a good security game, but they put out truly half-assed effort with a billion exploit channels. How about TV's that can record audio and have full android installations to exploit? They put zero thought in how to handle the security implications of this system (to be fair, Amazon and Google are not far behind with Alexa like devices). Samsung and other companies consider user convenience first and security second - if at all.

    As for the rest of your absurd anti-Trump fantasy - Russia expected Hillary to win too. They only reason they gathered so much from the DNC was so that they'd have dirt to hold over on Hillary!

    Trump had zero to do with Russian hacks, I would love to hear your frothing rabid explanation for how exactly Russia "hacked the election". After all, all the hackers every did was show us what Hillary and the rest of teh elite DNC members said and did when people were not looking. Hillary lost because she is even more Hillary than people thought, not because Russia.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  8. Re: Apple are lying by Cute+Fuzzy+Bunny · · Score: 2

    Ok.

    Apple doesn't fix known exploit for 3 years:
    http://www.cultofmac.com/13261... /got bored and didn't read the other 3 million search hits.