bilbobagholder Where have you been – have you been off grid these past three years….?
Joking apart – I was not aware that Apple was ever on the same page as Daniel Micay and Graphene-OS. Ignoring most of the past three years, let us just take a look at this year.
Not sure if this is the 7th or 8th major security issue this year with the one emergency warning on the 19th August followed by another urgent update warning on the 22nd August.
ANOTHER ONE! Millions of iPhone owners issued a NEW warning just days after ‘hack alert’ – act now...
https://www.thesun.co.uk/tech/19579155/iphone-warning-alert-ios-16-15-6-1-update/
So 7 major issues with Apple this year; yet even resorting to the deep dark web; try as I might I can still only find ONE Graphene-OS vulnerability in February this year; stemming from the Linux kernel - Google fixed the vulnerability in the AOSP codebase on 23 February. This was the Dirty Pipe branded Bug…
Branded bugs used as the focus of marketing are usually less serious than at least a few other issues being fixed at the same time. Bugs being branded and marketed doesn't make them a higher priority for us. Our focus is also not on fixing individual bugs but systemic security.
Android's replacement of C++ with Rust (low-level) and Kotlin (high-level) will help in the long term.
In the meantime, hardened malloc and other GrapheneOS features offer substantial protection. Our top priority for the project is developing best-in-class MTE support for ARMv9.
So a researcher found the bug and it was fixed very quickly and no Graphene-OS phones were hacked; whereas Apple products were and are being actually hacked.
Quote from Friday 19th the Sun ha, ha - “I-PANIC Apple warns millions to update iPhone NOW as hackers could already be in control of device & accessing bank details.”
Even in the land of the big Apple CNN are reporting a red alert emergency security warning – no shit… Watch the video on link below...
https://edition.cnn.com/videos/tech/2022/08/19/apple-security-warning-update-software-romans-solomon-newday-vpx.cnn
There are also the questions of honesty, secrecy and responding to the consumers – even though many, like me, buy a second-hand phone and flash Graphene-OS so not technically a consumer like an iPhone at 800 quid.
Graphene-OS forum and Mr Micay himself are there to be questioned and get bugs fixed.
However over at Apple they are legend at being obtuse and ignoring customers. Check this out – over 2 Years and still not fixed… even those emergency patches you just downloaded don’t fix it….
Quote:
Two years on, Apple iOS VPNs still leak IP addresses…. "VPNs on iOS are a scam." “Horowitz updated his post to confirm that iOS 15.6 – Apple's latest iOS release if you don't count the 15.6.1 update that went out yesterday to patch two zero-day bugs – is still vulnerable.” "At least Apple knows about the issue." Two and a half years on, Apple's awareness looks indistinguishable from ignorance.”
https://www.theregister.com/2022/08/19/apple_ios_vpn/
Dead silence - The Register asked Apple to comment and the company has not responded, which is not completely expected.
Apple's long-standing resistance to engaging with the public, the press, and security community, to respond openly to concerns, and to provide status updates about outstanding issues allows issues like this to fester - until the public clamour grows so loud it cannot be ignored. It's the same bunker-mentality communications policy that allowed the company to formulate a CSAM scanning plan for iCloud that blew up in its face once the public got wind of the idea.
Historically – we all remember the iPhone battery scam where Apple duped their customers – shocking and shameful – I’m sure you will agree?
Would you buy from a company like this? Well yes; if being fashionable, on trend, or running with the sheep is your bag. However if security and privacy are on your list…?