this post was submitted on 08 Sep 2023
254 points (98.8% liked)

Privacy

31859 readers
131 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
all 30 comments
sorted by: hot top controversial new old
[–] [email protected] 73 points 1 year ago (2 children)

Couldn't think of a better title, TL;DR via receiving an iMessage with a specially crafted image, an attacker can get full access to your device. Update iOS immediately to resolve the issue

[–] [email protected] 35 points 1 year ago (1 children)

PSA: Android just published a patch for a very similar vulnerability in their September Security release. You should update your Android devices ASAP.

[–] [email protected] 14 points 1 year ago (1 children)

Which CVE is that and where can i read a description of how this vulnerability is being used?

[–] [email protected] 6 points 1 year ago

CVE-2023-35674 No real details published yet but Google discussed it in their September security bulletin.

[–] [email protected] 18 points 1 year ago

Damn…so this isn’t the fun kernel level access exploit.

This is the boring, my data could be compromised exploit.

[–] [email protected] 12 points 1 year ago

Fuck, the NSO group managed that shit again?!

[–] [email protected] 9 points 1 year ago (2 children)

lmao, iMessage again ? zero user interaction needed, again ?!

Well done Apple

[–] [email protected] 32 points 1 year ago* (last edited 1 year ago) (2 children)

It’s literally been 3 days since Android had a vulnerability of this exact nature: remote code execution with zero user interaction required (CVE-2023-35674).

Every piece of software has vulnerabilities lurking within. What matters is the velocity at which vendors address and resolve those vulnerabilities. Apple and Google are both exemplary at getting patches out quickly.

[–] [email protected] 15 points 1 year ago (1 children)

Stop bringing up old news. We're hating on Apple today!

[–] [email protected] 2 points 1 year ago

Oops! I forgot to check the schedule.

[–] [email protected] 0 points 1 year ago (1 children)

Every piece of software has vulnerabilities lurking within.

Remind me why we put up with this again? Formal verification does exist.

[–] [email protected] 3 points 1 year ago

Formal Verification doesn't guarantee that the code is free of vulnerability, it just increases confidence in its security. It’s never perfect.

[–] [email protected] 6 points 1 year ago

butbutbut... blue box

[–] [email protected] 7 points 1 year ago* (last edited 1 year ago)
[–] [email protected] 5 points 1 year ago

It looks like I need to make some space for an update -.-

[–] [email protected] 3 points 1 year ago (1 children)

Is this fixed if using the iOS 17 Beta?

[–] [email protected] 1 points 1 year ago

I'd assume in the next public/developer preview, yeah

[–] [email protected] 3 points 1 year ago

I just relistened to Dark Net Diaries episode about this! (episode 100, titled NSO) Highly Recommend

[–] [email protected] 2 points 1 year ago

Lockdown mode stops it.

[–] [email protected] 2 points 1 year ago

ios "the more secure choice" try not to have a 0-day exploit challenge