Huge Apple Source Code Leak ( EDIT: update)

[RuffRuffmcgruff]

 

3 hours ago, RorzNZ said:

Its not sarcasm. Apple is the most secure company software wise and this is why. Apple keeps everything locked down and finely tuned to the user. Its much better that way.

Thanks for the laugh ^^

[Jtalk4456]

2 hours ago, Brooksie359 said:

"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety" Benjamin Franklin. You give up your freedom for safety but in the end you still aren't safe. No platform is completely safe and that is just how it works so it seems silly to me to choose safety of freedom. That is why I like android. They give you the freedom to do what you want and don't limit you like apple does. 

That is a great quote for this, i might have to use that later. To further that statement and rebutt against the original, Apple isn't inherently safer in my opinion. just recently, macbooks had that root exploitation. and before that there was a "call apple tech support to fix your computer" scam that went around and many people fell for it. Why did so many fall for it? because Apple has convinced it's followers that it can't get viruses. I hear this all the time from clients "but how could i have a virus, i've got Mac?" Everytime I have to explain to them that apple's software isn't virus proof like they have been led to believe. In the past, most viruses were written for windows because it had almost all of the marketshare, therefore a wider base to spread the virus in.

Back to the point, people always try and argue the value of apple to me with virusproof and other misconceptions about apple's abilities. I always point out the misconceptions and then ask them if the things they thing apple has would even be worth what they want to pay. Let's say apple has actually better virus protection, which it doesn't (compared to windows, not too sure about how it compares to android). If I can spend 1300 on a low power macbook

https://www.apple.com/shop/buy-mac/macbook?product=MNYF2LL/A&step=config

comes with a whopping 1.2 ghz DUAL core processor (m3) and NO graphics card and ONLY 8GB memory

OR I can spend 1200 and get this

https://www.bestbuy.com/site/dell-inspiron-15-6-laptop-intel-core-i7-16gb-memory-nvidia-geforce-gtx-1060-1tb-hdd-256gb-ssd-matte-black/6162034.p?skuId=6162034

with a wonderful 4 core i7, 16 GB memory, a 1060 graphics card for a hundred less than the macbook

If that's the case, I'm gonna get the dell, and use $50 to purchase Kaspersky total security for up to 5 devices! Even assuming people's misconceptions about apple's security this leaves me $50 cheaper, with a way better computer, more power more graphics, more capability in general along with the wide range of compatibility offered by choosing the more mainstream OS and i still have 4 computers I can protect with top notch total security package. If you prefer the OS gui, that's a preference and I can disagree, but there's nothing to argue there. But if you have fallen for the marketing campaign promises apple makes, you will be very disappointed. Apple makes no financial sense, even assuming misconceptions to be true. And apple has had to major security issues in the last six months, so i fear virus makers and hackers are starting to focus more on apple as they realize how deep the marketing has taken root of it's consumers and led them to believe nothing can happen to them.

[Shreyas1]

18 minutes ago, Jtalk4456 said:

That is a great quote for this, i might have to use that later. To further that statement and rebutt against the original, Apple isn't inherently safer in my opinion. just recently, macbooks had that root exploitation. and before that there was a "call apple tech support to fix your computer" scam that went around and many people fell for it. Why did so many fall for it? because Apple has convinced it's followers that it can't get viruses. I hear this all the time from clients "but how could i have a virus, i've got Mac?" Everytime I have to explain to them that apple's software isn't virus proof like they have been led to believe. In the past, most viruses were written for windows because it had almost all of the marketshare, therefore a wider base to spread the virus in.

Back to the point, people always try and argue the value of apple to me with virusproof and other misconceptions about apple's abilities. I always point out the misconceptions and then ask them if the things they thing apple has would even be worth what they want to pay. Let's say apple has actually better virus protection, which it doesn't (compared to windows, not too sure about how it compares to android). If I can spend 1300 on a low power macbook

https://www.apple.com/shop/buy-mac/macbook?product=MNYF2LL/A&step=config

comes with a whopping 1.2 ghz DUAL core processor (m3) and NO graphics card and ONLY 8GB memory

OR I can spend 1200 and get this

https://www.bestbuy.com/site/dell-inspiron-15-6-laptop-intel-core-i7-16gb-memory-nvidia-geforce-gtx-1060-1tb-hdd-256gb-ssd-matte-black/6162034.p?skuId=6162034

with a wonderful 4 core i7, 16 GB memory, a 1060 graphics card for a hundred less than the macbook

If that's the case, I'm gonna get the dell, and use $50 to purchase Kaspersky total security for up to 5 devices! Even assuming people's misconceptions about apple's security this leaves me $50 cheaper, with a way better computer, more power more graphics, more capability in general along with the wide range of compatibility offered by choosing the more mainstream OS and i still have 4 computers I can protect with top notch total security package. If you prefer the OS gui, that's a preference and I can disagree, but there's nothing to argue there. But if you have fallen for the marketing campaign promises apple makes, you will be very disappointed. Apple makes no financial sense, even assuming misconceptions to be true. And apple has had to major security issues in the last six months, so i fear virus makers and hackers are starting to focus more on apple as they realize how deep the marketing has taken root of it's consumers and led them to believe nothing can happen to them.

When your post is longer than the OP...

[dalekphalm]

59 minutes ago, Jtalk4456 said:

That is a great quote for this, i might have to use that later. To further that statement and rebutt against the original, Apple isn't inherently safer in my opinion. just recently, macbooks had that root exploitation. and before that there was a "call apple tech support to fix your computer" scam that went around and many people fell for it. Why did so many fall for it? because Apple has convinced it's followers that it can't get viruses. I hear this all the time from clients "but how could i have a virus, i've got Mac?" Everytime I have to explain to them that apple's software isn't virus proof like they have been led to believe. In the past, most viruses were written for windows because it had almost all of the marketshare, therefore a wider base to spread the virus in.

Back to the point, people always try and argue the value of apple to me with virusproof and other misconceptions about apple's abilities. I always point out the misconceptions and then ask them if the things they thing apple has would even be worth what they want to pay. Let's say apple has actually better virus protection, which it doesn't (compared to windows, not too sure about how it compares to android). If I can spend 1300 on a low power macbook

https://www.apple.com/shop/buy-mac/macbook?product=MNYF2LL/A&step=config

comes with a whopping 1.2 ghz DUAL core processor (m3) and NO graphics card and ONLY 8GB memory

OR I can spend 1200 and get this

https://www.bestbuy.com/site/dell-inspiron-15-6-laptop-intel-core-i7-16gb-memory-nvidia-geforce-gtx-1060-1tb-hdd-256gb-ssd-matte-black/6162034.p?skuId=6162034

with a wonderful 4 core i7, 16 GB memory, a 1060 graphics card for a hundred less than the macbook

If that's the case, I'm gonna get the dell, and use $50 to purchase Kaspersky total security for up to 5 devices! Even assuming people's misconceptions about apple's security this leaves me $50 cheaper, with a way better computer, more power more graphics, more capability in general along with the wide range of compatibility offered by choosing the more mainstream OS and i still have 4 computers I can protect with top notch total security package. If you prefer the OS gui, that's a preference and I can disagree, but there's nothing to argue there. But if you have fallen for the marketing campaign promises apple makes, you will be very disappointed. Apple makes no financial sense, even assuming misconceptions to be true. And apple has had to major security issues in the last six months, so i fear virus makers and hackers are starting to focus more on apple as they realize how deep the marketing has taken root of it's consumers and led them to believe nothing can happen to them.

You're comparing a plastic body Inspiron to a Macbook.

 

I think Dell makes some damn good laptops, and there ARE great, well priced, Macbook alternatives. This isn't one of them.

 

Compare an XPS to a Macbook.

Now, if you don't care about the more expensive build quality, or the aesthetics? That's cool! But please just realize that you're comparing two, very different products.

[Jito463]

6 hours ago, RorzNZ said:

Its not sarcasm. Apple is the most secure company software wise and this is why. Apple keeps everything locked down and finely tuned to the user. Its much better that way.

Closed source or open source makes virtually no difference to security.  I've seen arguments in both camps, and quite frankly they both fall short in the real world.  The closed source camp likes to proclaim that if the code isn't released that it's less likely for exploits to be found.  The open source camp likes to proclaim that more eyes looking at the code means it's more likely for vulnerabilities to be discovered.  Both approaches have merit, but neither one is foolproof, nor can they ever be.

 

Knowing that neither will ever be completely secure, I prefer a phone that I can actually use the way I want to, rather than the way the developers intend for me to use it.

[Sniperfox47]

17 minutes ago, Jito463 said:

Closed source or open source makes virtually no difference to security.  I've seen arguments in both camps, and quite frankly they both fall short in the real world.  The closed source camp likes to proclaim that if the code isn't released that it's less likely for exploits to be found.  The open source camp likes to proclaim that more eyes looking at the code means it's more likely for vulnerabilities to be discovered.  Both approaches have merit, but neither one is foolproof, nor can they ever be.

 

Knowing that neither will ever be completely secure, I prefer a phone that I can actually use the way I want to, rather than the way the developers intend for me to use it.

To be fair, while it's less likely exploits will be found that also means that if they are found, which they innevitably will be, that they will go longer without a fix. At the end of the day whether your source is out there or not, Attackers are going to find a way to exploit it, and they're not about to tell you they're exploiting it, much less how they are.

 

I don't disagree with you about the Open Source and particularly "libre" software paradigms have serious issues, both in terms of security and in terms of other matters, but if your code is not secure enough for public scrutiny it's not secure enough period.

[Jito463]

3 minutes ago, Sniperfox47 said:

To be fair, while it's less likely exploits will be found that also means that if they are found, which they innevitably will be, that they will go longer without a fix. At the end of the day whether your source is out there or not, Attackers are going to find a way to exploit it, and they're not about to tell you they're exploiting it, much less how they are.

Even with open source code, it's not guaranteed that a hidden exploit couldn't be used without anyone else finding out about it.  Look at some recent stories of flaws/vulnerabilities that have existed for 10, 15 even 20 years, and are only just being discovered.  There's no guarantee that someone couldn't have discovered that sooner, and kept it to themselves in order to take advantage of it.

5 minutes ago, Sniperfox47 said:

I don't disagree with you about the Open Source and particularly "libre" software paradigms have serious issues, both in terms of security and in terms of other matters, but if your code is not secure enough for public scrutiny it's not secure enough period.

You're sort of contradicting yourself. You admit that open source software can be (emphasis on can) largely problematic, then claim that software needs to be open source to mitigate that problem.

 

At the end of the day, I haven't seen a convincing argument from either side to convince me that one way or the other is the best choice.

[Sniperfox47]

1 minute ago, Jito463 said:

Even with open source code, it's not guaranteed that a hidden exploit couldn't be used without anyone else finding out about it.  Look at some recent stories of flaws/vulnerabilities that have existed for 10, 15 even 20 years, and are only just being discovered.  There's no guarantee that someone couldn't have discovered that sooner, and kept it to themselves in order to take advantage of it.

You're sort of contradicting yourself. You admit that open source software can be (emphasis on can) largely problematic, then claim that software needs to be open source to mitigate that problem.

 

At the end of the day, I haven't seen a convincing argument from either side to convince me that one way or the other is the best choice.

I'm not saying that at all. I'm saying that at the end of the day closed source offers no real benefits over open source, other than a slight minor inconvenience for attackers, so you might as well open source your software, contribute back to the community, and not be a jackass. I'm no FSF fanatic so I believe freedom means that people should be allowed to closed source their things and keep it locked away if they want, but it still kinda makes them a jackass when it offers them no real benefit.

[LAwLz]

8 hours ago, RorzNZ said:

Its not sarcasm. Apple is the most secure company software wise and this is why. Apple keeps everything locked down and finely tuned to the user. Its much better that way.

And how does giving everyone access to the source code prevent Apple from locking things down and fine tuning things?

It doesn't. In fact, a large portion of both MacOS and iOS is open source.

 

8 hours ago, RorzNZ said:

Sorry if I prefer a device with seamless cloud integration and top of the line security. I've never seen an Android device as secure as an iPhone. What I want my phone to do is send and recieve calls and direct them to any device I have, have a cloud messaging app, have a video calling app and the usual social media. The iPhone does that perfectly and more securely than any other phone thanks to its locked-down approach. Not to mention smoothly and very fast.

I really don't know why security isn't prominent on Android devices. It would make sense for something that holds your credit card information, e-mails and contacts to be more secure. Having it being open-source isn't a great start.

Ehm... Something tells me you're either trolling, or have no idea how software works.

Well written software is secure regardless whether someone has access to the source code or not. In fact, having the source code be analyzed by other people is a great way to make it even more secure, rather than having vulnerable code that you just hope nobody finds ways to exploit.

That's why things like AES (which the iPhone uses heavily) is a completely open formula which anyone can look at and try to poke holes at. Or why OpenSSL is so widely used (even included as a preinstalled component in MacOS). If you want another example look no further than Safari, which is based on Apple's (in collaboration with Google, KDE, Adobe and a few others) open source WebKit engine.

 

Having the source code open for people to look at is one of the most important things if you want to have secure programs.

Closed source code can never truly be considered secure because only one or a handful of companies can actually validate if it's secure or not, and those companies often benefit from lying in scenarios where the code might not be secure.

[LAwLz]

1 hour ago, Jito463 said:

At the end of the day, I haven't seen a convincing argument from either side to convince me that one way or the other is the best choice.

I think this is a very convincing argument:

1 hour ago, Sniperfox47 said:

if your code is not secure enough for public scrutiny it's not secure enough period.

 

If your code truly is secure, then it should not matter if someone can see it or not. One example of this is AES. I don't think AES would have been taken even half as seriously if it was some black box nobody could look into and see how it works.

It's been around for 17 years, completely free for anyone to try and break, and the best we've been able to do is theoretically weaken the cipher strength from a 128 bit key to a 126 bit one (which would still take longer than the age of the universe to crack with brute force and a good password).

 

I think the overwhelming amount of open source in the crypto world is evidence that it is the best way to approach security.

 

It is entirely possible for a closed source program to be as secure as an open source one, but the big difference is that the closed source one can not be proven to be secure. The open source one can with very high certainty.

 

Closed source security = 100% faith and trust in a company that can will profit from lying.

Open source security = Can be validated by anyone to actually be secure.

 

Of course, there are risks that something might slip through the cracks even with open source software, but the risk is far smaller when you got millions of people looking at your code, vs maybe 20 or so people.

[TopHatProductions115]

7 hours ago, Jtalk4456 said:

That is a great quote for this, i might have to use that later. To further that statement and rebutt against the original, Apple isn't inherently safer in my opinion. just recently, macbooks had that root exploitation. and before that there was a "call apple tech support to fix your computer" scam that went around and many people fell for it. Why did so many fall for it? because Apple has convinced it's followers that it can't get viruses. I hear this all the time from clients "but how could i have a virus, i've got Mac?" Everytime I have to explain to them that apple's software isn't virus proof like they have been led to believe. In the past, most viruses were written for windows because it had almost all of the marketshare, therefore a wider base to spread the virus in.

Back to the point, people always try and argue the value of apple to me with virusproof and other misconceptions about apple's abilities. I always point out the misconceptions and then ask them if the things they thing apple has would even be worth what they want to pay. Let's say apple has actually better virus protection, which it doesn't (compared to windows, not too sure about how it compares to android). If I can spend 1300 on a low power macbook

https://www.apple.com/shop/buy-mac/macbook?product=MNYF2LL/A&step=config

comes with a whopping 1.2 ghz DUAL core processor (m3) and NO graphics card and ONLY 8GB memory

OR I can spend 1200 and get this

https://www.bestbuy.com/site/dell-inspiron-15-6-laptop-intel-core-i7-16gb-memory-nvidia-geforce-gtx-1060-1tb-hdd-256gb-ssd-matte-black/6162034.p?skuId=6162034

with a wonderful 4 core i7, 16 GB memory, a 1060 graphics card for a hundred less than the macbook

If that's the case, I'm gonna get the dell, and use $50 to purchase Kaspersky total security for up to 5 devices! Even assuming people's misconceptions about apple's security this leaves me $50 cheaper, with a way better computer, more power more graphics, more capability in general along with the wide range of compatibility offered by choosing the more mainstream OS and i still have 4 computers I can protect with top notch total security package. If you prefer the OS gui, that's a preference and I can disagree, but there's nothing to argue there. But if you have fallen for the marketing campaign promises apple makes, you will be very disappointed. Apple makes no financial sense, even assuming misconceptions to be true. And apple has had to major security issues in the last six months, so i fear virus makers and hackers are starting to focus more on apple as they realize how deep the marketing has taken root of it's consumers and led them to believe nothing can happen to them.

preach, brotha!!!

[SpaceGhostC2C]

12 hours ago, RorzNZ said:

Its not sarcasm. Apple is the most secure company software wise and this is why. 

Is that based on some form of objective, verifiable measure, or just on "the feeling of safety" that you have?

[Drak3]

4 minutes ago, SpaceGhostC2C said:

Is that based on some form of objective, verifiable measure,

Apple said so. Can't beat that.

 

 

Kappa.

[Guest]

5 hours ago, SpaceGhostC2C said:

Is that based on some form of objective, verifiable measure, or just on "the feeling of safety" that you have?

Its pretty objective. I don't know any other company that hides credentials in a seperate inaccessable chip on the board. Find My iPhone has made it impossible to steal an iPhone as well. Its pretty hard to get past an iCloud lock in this day and age.

[Guest]

16 hours ago, Drak3 said:

 

Samsung Knox is likely more secure than an iPhone, as it runs stricter rules on what can be installed. Blackberry's enterprise phones running their modified Android also would likely be more secure.

But both OSX and iOS are based off of Apple's OPEN SOURCE Darwin, with proprietary services and packages running on top.

Can't really compare can we, but given you can count the current vulnerabilities of iOS on your hands, which soon get patched with each version (And Apple products get patch a whole lot quicker - judging by the spectre / meltdown patches, it could be different for each vulnerability). 

Obviously this is my experience and opinion, but Apple is pretty high up there with security compared to stock Android. It has gotten a bit lax with iOS however.

[Trixanity]

3 hours ago, RorzNZ said:

Its pretty objective. I don't know any other company that hides credentials in a seperate inaccessable chip on the board. Find My iPhone has made it impossible to steal an iPhone as well. Its pretty hard to get past an iCloud lock in this day and age.

Try Qualcomm.

[SpaceGhostC2C]

9 hours ago, RorzNZ said:

Its pretty objective. I don't know any other company that hides credentials in a seperate inaccessable chip on the board. Find My iPhone has made it impossible to steal an iPhone as well. Its pretty hard to get past an iCloud lock in this day and age.

I see.

So basically it is just "you perceive it as being safer".

[Guest]

4 hours ago, SpaceGhostC2C said:

I see.

So basically it is just "you perceive it as being safer".

Thats not what I said

[Shreyas1]

On 2/8/2018 at 8:20 PM, sazrocks said:

Aaaaand now everyone with access to that code at apple gets locked down. Apple takes this kind of thing seriously.

Apparently it was an intern a long time ago

 

https://www.theverge.com/2018/2/9/16997266/apple-source-code-leak-intern-internal-tools-jailbreaking-github-ios-9

[Energycore]

On 2/8/2018 at 10:22 PM, Pangea2017 said:

code public equals unsafer world, thanks verge 

 

Edit: not my opinoin, it is in the quote of the verge that ios was safer without this code beeing public

The world isn't more unsafe with this code public. It is Apple's walled garden ecosystem that is.

[TH3M4DR4TT3R]

I think it's six of one and half a dozen of another in the argument over open or closed source software, what we have to remember is that if Apple wanted the leaked code in the public domain it would have put it there......

Whoever took that code committed theft from that company, that should be the issue here...If I stole from my boss I'd be arrested and charged.

Maybe Apple's secrecy about their code makes this a bigger problem than it really is. We should also bear in mind that Apple has a big head start when it comes to stopping any nasties that may arise from this leak, they have been developing this software for years after all......

In my opinion it's a storm in a tea cup

[Linus_torvalds]

On 2/9/2018 at 5:01 PM, RorzNZ said:

Its not sarcasm. Apple is the most secure company software wise and this is why. Apple keeps everything locked down and finely tuned to the user. Its much better that way.

Excuse me was not it apple who gave root access to anyone on their macs whoever wanted it? LOL

So many macs where fucked up. You just entered root in username and leave the password blank and hit enter and it would get you in the system with root user. There was not anything so fucked up before in any system.

[Jito463]

2 minutes ago, mate_mate91 said:

You just entered root in username and leave the password blank and hit enter and it would get you in the system with root user.

That's a "feature".

[ItsMitch]

14 minutes ago, mate_mate91 said:

Excuse me was not it apple who gave root access to anyone on their macs whoever wanted it? LOL

 

not a bug, just a unique unexpected feature 

[Linus_torvalds]

On 2/10/2018 at 12:17 AM, Jito463 said:

At the end of the day, I haven't seen a convincing argument from either side to convince me that one way or the other is the best choice.

You are forgetting about one thing. Closed source operating systems, and software come from companies like Apple, Google and Microsoft and many other companies. They ARE doing whatever they want in it's source code. For example windows 10. Some countries where researching it. And there is a document telling that it breaks peoples right for privacy. Soon windows 10 will be forbidden in europe because of new low after 25 march if i remember correctly. Ms said it will release special version for europe, maybe with less telemetry

Google admited that your gps was tracking your location even when gps was off. So is wifi which is used to track mac addresses this way you can be located even when GPS is truely off. Wifi ssids are associated with their mac addresses, which your phone sees even when it's not connected to one. Google said it was a bug. Now how do you think, it was a bug and they realised it when released android version 8 that gps was not turning off truly or it was intended to do so? They said it acted like this on evey version of android started from kitkat.

There are many stories like this. Keylogger found in HP's keyboard drivers, backdoors found in dlink, netgear, huawei routers, serious vulnerabilities found in IME (intel management engine) and so on and so on. Now what IF all this things where open source. Could HP put a keylogger in it? Could they put backdoors in it? could google track every android phone's location which are usind >kitkat version, could MS even release windows 10?

This is the most powerfull argument that open source software is better then closed source. If you are not trusting crackers who may have put malware in the cracks, why would you trust some guy who makes closed source software and sells it? You do not know what it is doing and you'll never know until that software is not open sourced!