back to article Apple squashes security bugs after iPhone flaws exploited by Predator spyware

Apple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware. The updates, which were issued yesterday and should be installed as soon as possible if not already, address as many as three CVE-listed flaws. We've just learned today that the Predator spyware sold by Intellexa …

  1. frankrider

    Scary...

    All these 'zero-click' exploits are kinda scary. It's almost like we're living in the 90's again and your computer/device can be instahacked just by connecting to the internet/phone network. I thought we were done with these types of exploits and most more-or-less required some user interaction or an unpatched system. These 'zero click' zero-days are enough to make one paranoid.

    1. Michael Wojcik Silver badge

      Re: Scary...

      Alas, we keep making things more complex, and complexity is the enemy of security. Automatically processing multimedia has been a huge source of these vulnerabilities, for example. Of course there's little or no need for the vast majority of applications to automatically process multimedia – it certainly hasn't made messaging applications better, to pick just one area that's been a boon to spyware companies and other malware creators.

  2. Anonymous Coward
    Anonymous Coward

    These clowns

    Isn’t it interesting how the wording is, with phrases like “ take full control of a device”, shouldn’t that read “ take full control of our device” or they could have gone with “ take full control of Apple™️ devices”.

    It’s almost as if they talking in the 3rd person, someone should tell them they are the ones who created this shitshow

    When you look at the new patch notification it tells you all about the wonderful new emoji and shit, but if you want to know about the swiss cheese you gotta go looking, almost as if they embarrassed or ashamed.

    Do corporations feel shame? i’m not convinced.

    1. Doctor Syntax Silver badge

      Re: These clowns

      “take full control of our device” sounds more like Microsoft's approach. I think Apple is more along the lines of "it's your device but you're not going anywhere outside our walled garden". I suppose vulnerabilities like these could have also opened up the possibility of 3rd party stores such as F-Droid run for Android phones.

  3. ebyrob

    Amazingly good bad event

    It's actually amazing to me. These guys closed up an exploit that is preventing this vendor from doing exactly what their users "clients" hired them to do. Spy on someone else's phone by installing some app on it.

    The fact this hole is caught and fixed. This is a high bar of security and good to see I think. Almost scary, but if we simply don't have any "spyware" available because of tight security, I think the world can live with that. (If anything, mirroring and other types of administrative controls should be coming in centrally through the front door only on devices that are purposely built around nanny ware or corporate infrastructure that converts devices to more of a "kiosk" where users are not meant to be trusted.)

    Simply installing a random app almost CANNOT compromise your phone. I suppose that is good news? I am a little scared by the Palladium / Right to Read / "trusted developer" model, but if I am free to side-load apps on Android via *.apk files and even root my android phone IF I WANT TO, then I suppose the balance that should exists.

    Amazingly tight security Apple and Google (and this third party guy). Keep it up, you're even working together on this. These are amazing times.

  4. 43300 Silver badge

    Looks from the list like MacOS 11 isn't being patched - rather demonstrates their inconsistent support policy as in theory this is still in support until version 14 is released shortly.

    At least with Microsoft they are very clear on the end of support dates for their products, and generall patch them up until that date (it's not often that I give Microsoft as an example of good practice!).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like