Apple failed to fix zero days and ignore person who found them.

[mr moose]

14 hours ago, Middcore said:

 

The main reason "Macs don't (didn't) get viruses" was because they weren't popular enough for anyone to write malware targeting them. As the popularity of Macs has increased Mac users are now a worthwhile target. 

Macs always got viruses,  My school had an entire classroom full of infected macs in the very early 90's (nearly every student with a floppy was infected).   And that was well before the internet. 

 

The whole idea that macs have anything special about them over everything else is pure marketing BS and fanboy rhetoric.

[mr moose]

5 hours ago, Master Disaster said:

 

To quote Amy from the TBBT, there's no doubt the male reproductive system is far more low maintenance than the female one.

Not once you get to 50.    The roles reverse as the female one shuts down and the males have to put up with an ongoing slew of old man problems with a penis that still thinks its 19.

[Middcore]

Just now, valdyrgramr said:

He was hired to be Steve Jobs.  

Well he's terrible at it.

[Arika]

22 hours ago, poochyena said:

To me or you, but maybe not to apple.

Then apple is one of the most irresponsible companies on the planet and everyone should stop using any Apple products if they prioritise performance over security. All claims apple have made or any claims they make going forward in regards to security need to be immediately questioned.

[Arika]

26 minutes ago, valdyrgramr said:

Well, to be fair to Apple, they already had customers complaining in masses over performance to help do what they promised

big difference between security and "battery life" of which they didn't even tell people why they did it until they were called out, which is just as malicious as if they were really doing it to force people into buying a new phone because they thought it was just old and slow

 

The fact that they are also ignoring the researchers and refusing to put it on their exploit lists means they don't actually care about the risks, not that they just don't want to fix it to avoid upsetting their customers, they are trying to hide that it's even a thing. Which i put it into the same category as the above, It's malicious.

because it either means:

1. They are refusing to patch a security risk because they prioritise performance, in which case as mentioned before, all claims about security apple have made or will ever make need to be thrown out the window.
2. they are refusing to acknowledge it, in which case as mentioned before, all claims about security apple have made or will ever make need to be thrown out the window.
3. They can't fix it, in which case as mentioned before, all claims about security apple have have or will ever make need to be thrown out the window because even if they can't fix it, they are still ignoring it and purposely choosing not to tell people.
4. They are going to fix it without crediting the people that find their exploits and make a big song and dance about how good they are and how they patched these major issues making their bug bounty program absolutely 100% worthless and scummy as fuck.
5. Their systems, processes and staff working on the bug bounty system are massively incompetent for any business, let alone one the size of Apple.

There is literally no outcome based on Apples current track record with these exploits that paints them as the good guy.

[Fasterthannothing]

3 hours ago, Arika S said:

Then apple is one of the most irresponsible companies on the planet and everyone should stop using any Apple products if they prioritise performance over security. All claims apple have made or any claims they make going forward in regards to security need to be immediately questioned.

Apples "security" is only a bunch of the biggest boldest PR lies in the tech industry. Remember it was just like a month ago they said their CSAM stuff was secure and researchers put a giant freaking tank sized hole into their security! But their PR department sent out some nice we will try a different approach letters to media outlets and they ate it up then users stopped caring no more news stories nothing! I guarantee you  shows back up quietly in a update later down the road pre programmed with all the tools a government would need to scan your device.

[Spindel]

23 hours ago, wanderingfool2 said:

 

 

Well it's collecting analytics from the health aspect, but in theory you can turn it off (still stored locally though), and I don't know (an apple user can confirm this) but is the share analytics on or off by default?

 

It’s opt-in when you use the app the first time it asks you. If you change your mind later it’s easy to find and toggle.

[Commodus]

13 hours ago, SlidewaysZ said:

Apples "security" is only a bunch of the biggest boldest PR lies in the tech industry. Remember it was just like a month ago they said their CSAM stuff was secure and researchers put a giant freaking tank sized hole into their security! But their PR department sent out some nice we will try a different approach letters to media outlets and they ate it up then users stopped caring no more news stories nothing! I guarantee you  shows back up quietly in a update later down the road pre programmed with all the tools a government would need to scan your device.

I'll be frank: this paragraph is a bundle of half-truths and unsupported hyperbole.

 

To start... it was not a "tank-sized hole." There are multiple safeguards, and the system security researchers poked at wasn't even the one that would reach iOS devices. Yes, Apple still needs to be sure a system like this is airtight if it's going to be deployed at all, but you don't actually know how vulnerable the real-world system was going to be.

 

Also, what do you expect the media to do? A good journalist is only going to report on things that have actually happened; if Apple puts a feature on ice, there's not much the press can say about it until that feature either comes back or gets cancelled. They're not going to speculate, and even an op-ed piece can only go so far.

 

And sorry, but that claim that Apple would quietly slip the feature in and enable "all the tools a government would need" for spying? That's just Chicken Little crap. The company very publicly announced its CSAM changes and realized it need to rethink its strategy after all the public concern. And besides, it would be ridiculously easy to spot the kind of access you claim Apple would implement. It's good to be concerned about Apple's approach; it's unhealthy to make the logical leap from Apple's actual, limited proposal to "Apple will help the government spy on everything you do."

[wanderingfool2]

On 9/24/2021 at 11:59 PM, Master Disaster said:

I see absolutely zero reason why the phones manufacturer or app developer would need access to my personal medical information in any capacity. I understand usage analytics, like how much customers are interacting and whether the app is having a positive or negative effect on overall health (at least by the metric of the system) but honestly, for Apple to be looking at (and storing) a womans cervical mucas data is just plain creepy. That's the kind of stuff that should be kept between a woman, her partner and their fertility doctor.

Well if you are creating something like a heart monitoring app, you could use that sort of analytics to ensure that you aren't over fitting with your algorithm (i.e. giant set of "test" data)

[Dracarris]

On 9/26/2021 at 4:00 AM, Arika S said:

they didn't even tell people why they did it until they were called out, which is just as malicious as if they were really doing it to force people into buying a new phone because they thought it was just old and slow

1) Throttling the CPU to prevent current spikes that droop battery voltage and crash the phone

2) Intentionally slowing down a device with no technical reasoning to get people to buy new

Arika S: "They are the same"

Some people here honestly need to re-check their bias towards certain brands.

[Arika]

13 minutes ago, Dracarris said:

1) Throttling the CPU to prevent current spikes that droop battery voltage and crash the phone

2) Intentionally slowing down a device with no technical reasoning to get people to buy new

Arika S: "They are the same"

Some people here honestly need to re-check their bias towards certain brands.

They ARE the same if they don't tell you the reason.

 

what person would come to the conclusion that their phone is becoming slower because of the battery, without already being told about it?

 

If they don't divulge the reason up front, then yes, the reason might as well be that they are slowing it down to force people to buy a new phone, because either the assumption of the public or the reality becomes the same outcome. They were doing this for god knows how long until they were called out and the actual reason was brought forward, but before that, how many people just assumed their phone was slow because it was old and bought a new one?

[Arika]

  

32 minutes ago, Dracarris said:

inb4 people derailing and downplaying this severe vulnerability while bitching about fixed issues on iOS that allow to access log data and scenting big NSA conspiracy.

I'm bringing this quote back to THIS thread, funny that you accuse ME of derailing

 

fixed?

 

Quote

as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page.

and one of my responses was

• They are going to fix it without crediting the people that find their exploits and make a big song and dance about how good they are and how they patched these major issues making their bug bounty program absolutely 100% worthless and scummy as fuck.

they didn't credit him or acknowledge the only "fixed" one, which is maybe worse than them trying to claim they fixed it themselves

Quote

July 26 - iOS 14.7.1 security contents list is published, still no mention of this vulnerability

September 13 - iOS 14.8 security contents list is published, still no mention of this vulnerability. Same day I asked for an explanation and informed Apple that I would make all my reasearch public unless I receive a reply soon

September 20 - iOS 15.0 security contents list is published, still no mention of this vulnerability

September 24 - I still haven't received any reply so I publish this article

 

[Dracarris]

6 minutes ago, Arika S said:

how many people just assumed their phone was slow because it was old and bought a new one?

The same amount of people that bought a new phone after they came out because they knew that it was slow due to aging battery.

 

You have a slow phone in both cases. You either live with it or think it is unacceptable and buy new.

Additionally you have to option to accept random crashes at high battery percentages with full performance, so yes indeed those people were probably forced in an evil way to buy a new phone.

[Dracarris]

5 minutes ago, Arika S said:

they didn't credit him or acknowledge the only "fixed" one, which is maybe worse than them trying to claim they fixed it themselves

I know. Apple = source of all evil, others good. At this point it doesn't really matter what Apple does. People like you always come to the conclusion that it was the worst possible action. I can only repeat my comment about bias towards certain companies.

 

Proof me wrong by bringing the appropriate multifold of a shitstorm and attention towards the other thread where MS repeatedly screwed up big big time with much more severe possible consequences.

[Arika]

8 minutes ago, Dracarris said:

The same amount of people that bought a new phone after they came out because they knew that it was slow due to aging battery.

 

nice that you cut of that part RIGHT before that sentence:

 

18 minutes ago, Arika S said:

but before that, how many people just assumed their phone was slow because it was old and bought a new one?

Literally no one would have thought their phone was slow because of a bung battery BEFORE apple came out and told everyone.

 

As you saying people would rather buy a whole new $700 - $1200 phone than spend maybe $100 to get a new battery and restore their phone to a full working state?

 

4 minutes ago, Dracarris said:

I know. Apple = source of all evil, others good. At this point it doesn't really matter what Apple does. People like you always come to the conclusion that it was the worst possible action. I can only repeat my comment about bias towards certain companies.

Given Apple's responses to the entire situation about these 4 vulnerabilities, yes, i think i'm perfectly justified in my thinking. people like you always come to the conclusion that Apple is a saint and can do no wrong.

 

Also you say i'm Bias, but i have given Apple credit where credit is due. I have an ipad mini 5 that i use on a almost daily basis. I have been on this forum for a long time, i have made comments both good and bad about pretty much every company. It just so happens that lately Apple seems to be fucking up quite a lot and is on my shit-list

[Dracarris]

2 minutes ago, Arika S said:

Literally no one would have thought their phone was slow because of a bung battery BEFORE apple came out and told everyone.

Before the throttling measure phones just randomly shut down after a few years of usage. You don't exactly have to be Einstein to make that link, but fair enough.

That being said, I am pretty sure you never experienced such a throttled phone (since Apple=evil). It is not like this makes a phone a terrible usage experience that you immediately want to throw it away and buy new. After all this applies to phones that are 2-3years old.

[Dracarris]

21 minutes ago, Arika S said:

people like you always come to the conclusion that Apple is a saint and can do no wrong.

No. But the heat Apple gets for every fart they let out is just ridiculous. Stuff gets totally blown out of proportion to the point of NSA conspiracies.

22 minutes ago, Arika S said:

Also you say i'm Bias, but i have given Apple credit where credit is due. I have an ipad mini 5 that i use on a almost daily basis. I have been on this forum for a long time, i have made comments both good and bad about pretty much every company. It just so happens that lately Apple seems to be fucking up quite a lot and is on my shit-list

Fair enough. So I can now expect MS to be on your shit-list and appropriate activity of yours in the other thread.

[Arika]

2 minutes ago, Dracarris said:

Fair enough. So I can now expect MS to be on your shit-list and appropriate activity of yours in the other thread.

Completely depends on their response. I don't rag on companies for purely having vulnerabilities, they are literally unavoidable with technology being as complex as it is these days. If they give a generic PR response and/or try to ignore it, then yes, they will be on my shit-list.

[Zodiark1593]

2 hours ago, Dracarris said:

Before the throttling measure phones just randomly shut down after a few years of usage. You don't exactly have to be Einstein to make that link, but fair enough.

That being said, I am pretty sure you never experienced such a throttled phone (since Apple=evil). It is not like this makes a phone a terrible usage experience that you immediately want to throw it away and buy new. After all this applies to phones that are 2-3years old.

There’s a notable lack of transparency as to why the phones were being throttled and what went wrong to require this measure, what’s being immediately done for those affected, and what’s being done to ensure it doesn’t happen again. 
 

Putting the technical details up front would’ve saved a substantial PR headache for Apple, and for those trying to speculate as to Apple’s intent. 

[wanderingfool2]

2 hours ago, Dracarris said:

Before the throttling measure phones just randomly shut down after a few years of usage. You don't exactly have to be Einstein to make that link, but fair enough.

That being said, I am pretty sure you never experienced such a throttled phone (since Apple=evil). It is not like this makes a phone a terrible usage experience that you immediately want to throw it away and buy new. After all this applies to phones that are 2-3years old.

Phones randomly crashing = degrading battery isn't really the logical conclusion.  It feels like it's just another plan for planned obsolescence.  If you brought it into an Apple store saying it's slow, I'm willing to bet they wouldn't have told you you needed a new battery but should just buy a new phone.  I make this assumption by experience, my boss/owner, had a mac book that died; they brought it to Apple who told them the main board was damaged and needed replacing (at which point it was better buying a new laptop)...they bought a new laptop, and brought me the old one (so I could recover their files from it)...and see if I could fix the issues.  Within 5 minutes I've already diagnosed the issue to likely a bad harddrive.  Grabbed a new drive, put it in (got the OS build from a sketchy source) and tried it...it worked.  They paid $1000+ for a new laptop, when all it needed was a $50 drive.

 

Apple gets hated on because it's literally things like this that occur plus, flex-gate, "Macs don't get Viruses", or antennagate.  It's similar to Bolt EV vs Hyundai Kona battery fires.  Bolt is getting hate because they dealt with it all wrong, Hyundai is in trouble but not really making the news (because they did things more properly)

 

In relation to this topic, the vast majority of people believe Apples marketing.  Even to this day I've had to correct people saying Macs/iPhones don't get viruses (because they got a virus), and they literally claim that it can't.  That mentality is built because Apple marketed things like that, and they market themselves as caring about user's privacy (like how they did the third party tracking pop-up)...then when it really comes down to it, where they were informed about 4 privacy leaks, they only fixed one and they fixed it without credit (acknowledged later it was without credit but still hasn't updated to give credit).  Their bounty program, while touted as being one of the highest paying for privacy is also known in the inner circles as being slow to receive and inconsistent in whether they will actually reward you.

[Zodiark1593]

2 hours ago, wanderingfool2 said:

Phones randomly crashing = degrading battery isn't really the logical conclusion. 

There are factors to consider that can make a degrading battery cause crashes. 
 

First consider that as a battery degrades, not only does its absolute capacity decrease, the internal resistance also rise. This reduces maximum current output, and reduces efficiency of the battery under load, and most importantly, amplifies voltage sag. Compound this with the very small batteries in use at the time this issue arose, meaning maximum current was rather low to begin with. 
 

The second factor comes down to CPU architecture. Compared to their Android peers, Apple tends to use highly aggressive custom core designs that draw a lot of power at full load, and the 6/6S lines were no exception. At the time, there were no Little cores to fall back on. 
 

Given the characteristics of batteries common in phones (these are not high discharge cells), I could easily see an old, small Li-Po battery not sustaining voltage very well under an amp or so of load. 

[Dracarris]

7 hours ago, Arika S said:

If they give a generic PR response and/or try to ignore it, then yes, they will be on my shit-list.

Well then:

2 hours ago, SlidewaysZ said:

This is literally a 2015 security exploit. I guess they just didn't patch it because too many companies used it as a way to exploit it themselves to install stuff

 

https://www.google.com/amp/s/www.howtogeek.com/226308/the-windows-platform-binary-table-why-crapware-can-come-back-after-a-clean-install/amp/

 

Why Microsoft why! You had this issue in 2015! 

[wanderingfool2]

3 hours ago, Zodiark1593 said:

There are factors to consider that can make a degrading battery cause crashes. 

Logical conclusion might have been a bad wording choice by myself.  By that I meant that the general population will not link random crashes to the battery (likely just thinking it's an aging phone and stuff is breaking...but not necessarily thinking the battery.  Most of my phones (with replaceable batteries) ended up dying not due to battery issues, but other internal issues (but prior to that it all got messed up).  I suspect one of them was the onboard storage that was the issue.  The point being that having a system slow down a lot of people won't think battery, random crashes a lot of people won't immediately think battery either.

 

1 hour ago, Dracarris said:

Well then:

*Looks at Microsoft's response and reads the so calls "2015" article*...There are many reasons I hate Microsoft, but this really isn't one of them.  Just because the mechanism has been in place since 2015 doesn't mean that the vulnerability was known since 2015.  Well for starters, you can mitigate it via group policy, the lenovo thing was a separate issue (where they essentially put vulnerable software via this method).  For myself, it's akin to having a flawed driver by a manufacturer and then saying Microsoft lets you install drivers so it's an exploit.

[CTR640]

11 hours ago, Dracarris said:

Before the throttling measure phones just randomly shut down after a few years of usage. You don't exactly have to be Einstein to make that link, but fair enough.

That being said, I am pretty sure you never experienced such a throttled phone (since Apple=evil). It is not like this makes a phone a terrible usage experience that you immediately want to throw it away and buy new. After all this applies to phones that are 2-3years old.

How about you stop blowing on Apple's bong and start opening your eyes? That bullshit "(since Apple=evil)" makes you an Apple fanboy.

 

"You don't exactly have to be Einstein to make that link" Can you be more arrogant? I have an old phone since 2015, Huawei P8Max and never it has randomly shut down once. Other phones before that neither. My mom had an iPhone 4S very long and it never shut down randomly once. Apple was not transparant towards its customers untill they were called out and even France sued them about that shit if I remember correctly. I'm not gonna argue further as other members already explained the issues about Apple.

[Dracarris]

1 hour ago, CTR640 said:

I have an old phone since 2015, Huawei P8Max and never it has randomly shut down once. Other phones before that neither. My mom had an iPhone 4S very long and it never shut down randomly once.

Ah right, with that anecdotal evidence of yours all the other technical explanations are of course void. My 5 had a ton of random shutdowns and the Samsung of my aunt as well, I guess that makes us even?

1 hour ago, CTR640 said:

That bullshit "(since Apple=evil)" makes you an Apple fanboy.

No, I am simply sick and tired of the same pattern over and over ocurring here; people milking every fart that gets ripped in Cupertino to the very last drop. Hell, now people even brought up antennagate, an issue seen with phones eight generations ago. That is just ridiculous.