this post was submitted on 08 Sep 2023
254 points (98.8% liked)

Privacy

31882 readers
571 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
all 30 comments
sorted by: hot top controversial new old
[–] OsrsNeedsF2P@lemmy.ml 73 points 1 year ago (2 children)

Couldn't think of a better title, TL;DR via receiving an iMessage with a specially crafted image, an attacker can get full access to your device. Update iOS immediately to resolve the issue

[–] fartsparkles@sh.itjust.works 35 points 1 year ago (1 children)

PSA: Android just published a patch for a very similar vulnerability in their September Security release. You should update your Android devices ASAP.

[–] FederalAlienSmuggler@feddit.de 14 points 1 year ago (1 children)

Which CVE is that and where can i read a description of how this vulnerability is being used?

[–] fartsparkles@sh.itjust.works 6 points 1 year ago

CVE-2023-35674 No real details published yet but Google discussed it in their September security bulletin.

Damn…so this isn’t the fun kernel level access exploit.

This is the boring, my data could be compromised exploit.

[–] gamey@feddit.rocks 12 points 1 year ago

Fuck, the NSO group managed that shit again?!

[–] TheCaconym@hexbear.net 9 points 1 year ago (2 children)

lmao, iMessage again ? zero user interaction needed, again ?!

Well done Apple

[–] fartsparkles@sh.itjust.works 32 points 1 year ago* (last edited 1 year ago) (2 children)

It’s literally been 3 days since Android had a vulnerability of this exact nature: remote code execution with zero user interaction required (CVE-2023-35674).

Every piece of software has vulnerabilities lurking within. What matters is the velocity at which vendors address and resolve those vulnerabilities. Apple and Google are both exemplary at getting patches out quickly.

[–] sik0fewl@kbin.social 15 points 1 year ago (1 children)

Stop bringing up old news. We're hating on Apple today!

[–] fartsparkles@sh.itjust.works 2 points 1 year ago

Oops! I forgot to check the schedule.

[–] planish@sh.itjust.works 0 points 1 year ago (1 children)

Every piece of software has vulnerabilities lurking within.

Remind me why we put up with this again? Formal verification does exist.

[–] fartsparkles@sh.itjust.works 3 points 1 year ago

Formal Verification doesn't guarantee that the code is free of vulnerability, it just increases confidence in its security. It’s never perfect.

[–] nicman24@kbin.social 6 points 1 year ago

butbutbut... blue box

[–] pineapplelover@lemm.ee 7 points 1 year ago* (last edited 1 year ago)

It looks like I need to make some space for an update -.-

[–] Cwilliams@beehaw.org 3 points 1 year ago

I just relistened to Dark Net Diaries episode about this! (episode 100, titled NSO) Highly Recommend

[–] AzzyDev@beehaw.org 3 points 1 year ago (1 children)

Is this fixed if using the iOS 17 Beta?

[–] kryllic@programming.dev 1 points 1 year ago

I'd assume in the next public/developer preview, yeah

[–] xXthrowawayXx@hexbear.net 2 points 1 year ago

Lockdown mode stops it.

[–] darcy@sh.itjust.works 2 points 1 year ago

ios "the more secure choice" try not to have a 0-day exploit challenge