That doesn't answer the question of why didn't they go public with the information? Most people don't update frequently enough. Also, some people may need to change passwords etc. if they've visited those sites.
That's easy: Apple does not know if your specific mobile has been compromised. Also, nobody stole anything from Apple... It was a vulnerability and they provided a patch (remember that software is provided "as is").
I can't see how any software provider (i.e. Microsoft, Linux, Google...) will say "install this patch to fix this and you may or may not have been hacked, good luck"... They just provide the patch.
> I can't see how any software provider (i.e. Microsoft, Linux, Google...) will say "install this patch to fix this and you may or may not have been hacked, good luck"
This is part of the reason CVEs and security bulletins exist. We're being notified about potential issues all the time by many vendors.
This is not a leak from a company; it is a leak from your device. The only one that can know if something has leaked is you.
Consider a lock manufacturer that has a key copy of each client. If someone enters the building and steals all the keys, clearly the manufacturer should inform all their clients. But if a vulnerability has been found in a lock model, the manufacturer can tell you about the vulnerability, but definitely they can't tell you if your house has been robbed that way (or if it has been robbed at all).
Anyway, with this story alone and without knowing if you have visited these webpages that allegedly hacked your iPhone (why aren't they listed?), the only thing you can do is renew passwords in your most critical accounts.
They do. Every patch release contains release notes and security notes disclosing what vulnerabilities have been identified and patched. This is industry standard practice, because this is a regular occurrence on all software platforms.
It’s not big news when it happens all the time.
What is big news, that’s gotten lost in all the noise, is that Google (through its crawling of the web) has been able to identify that some websites were (are) indiscriminately jailbreaking iPhones for the purposes of stealing user data.
This is the kind of thing that is routine on Windows, is likely to be routine on Android (given how many unpatchable devices are in use) but wasn’t considered to be routine on iOS.
The takeaway from all this is simple: if you’re not fully patched, you’re at significant risk. It doesn’t matter which platform you use.
It's bad advertising. The purpose of a corporation is to make money for stockholders, not report to you that they failed to protect you from hackers. There is no advantage to letting you know, it's much better to just fix it and push the fix and be done with it. Corporations are not moral beings, it's silly to think of them in that manner.