Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.
This is kind of a ridiculous take. I hate iPhones, but this is not a “hurr durr iPhones bad and insecure” moment. I implore you to look at the sophistication of this attack. The attack chain is so ridiculously long and complex, and only because of the security of the iPhone. This is not a script kiddie attack, and could only be executed by a very determined party.
No device is secure, and any and all computers could potentially fall victim to an attack like this, but it is absolutely ignorant to say that iPhones don’t offer any more security than other devices.
Yeah absolutely. This line from the article summs it up pretty well…
““What we do know—and what this vulnerability demonstrates—is that advanced hardware-based protections are useless in the face of a sophisticated attacker as long as there are hardware features that can bypass those protections.””
Edit: We also have no idea how many zero days there are in Android, either. 🤷♂️ But at least it’s a bit more open source than iOS 😂
Yeah. The moral is “every and all devices have an unknown number of zero-days inactive or actively being exploited at any given time”, not “iPhone is just as insecure as everything else”. There’s a difference, and credit is deserved where it’s due.
This is kind of a ridiculous take. I hate iPhones, but this is not a “hurr durr iPhones bad and insecure” moment. I implore you to look at the sophistication of this attack. The attack chain is so ridiculously long and complex, and only because of the security of the iPhone. This is not a script kiddie attack, and could only be executed by a very determined party.
No device is secure, and any and all computers could potentially fall victim to an attack like this, but it is absolutely ignorant to say that iPhones don’t offer any more security than other devices.
FYI: I don’t think you’re replying to someone acting in good faith.
That’s called projection.
Yeah absolutely. This line from the article summs it up pretty well… ““What we do know—and what this vulnerability demonstrates—is that advanced hardware-based protections are useless in the face of a sophisticated attacker as long as there are hardware features that can bypass those protections.””
Edit: We also have no idea how many zero days there are in Android, either. 🤷♂️ But at least it’s a bit more open source than iOS 😂
Yeah. The moral is “every and all devices have an unknown number of zero-days inactive or actively being exploited at any given time”, not “iPhone is just as insecure as everything else”. There’s a difference, and credit is deserved where it’s due.