by devenblake 2178 days ago
> By 1 AM, I had sent Apple a POC and my analysis.

> Still, I'm very happy that Apple patched this issue in a timely manner once the exploit became public.

Sh- should we be happy Apple fixed this so quickly? unc0ver allows consumers to get more out of their Apple devices, and Apple's fix isn't really optional (unless you disable auto-updates and tap "Later" on every update notification). Is this exploit even an issue? Apple's probably not going to let an app exploiting this zeroday into its App Store and sideloading is difficult; it's very unlikely someone malicious is going to trick people into installing malware that uses this exploit. It sounds to me like Apple is purposefully limiting consumer freedom by actively trying to prevent jailbreaking.

8 comments

It’s always a snake eating its tail scenario with jailbreaking. Apple takes popular tweaks and integrates them with the next iOS. Side-loading isn’t that bad but the method keeps changing... Usually for the better.

Jailbreaking cuts into their profit a small amount because the community is small.

https://www.reddit.com/r/jailbreak

The benefits are very much worth it though. Most have had iOS 13 features since iOS 11/12. They have iOS 14 features now. Then there are other features that may not be released ever but people find them invaluable.

Ex: Per-app firewall per website (block tracking/ads)

-Disable apps ability to spy on your clipboard.

-Disable apps from accessing things you do not want them to but still launch.

-Themes, so many options: remove your status bar or put new things there.

-Custom widgets

-Detailed wifi, phone information

-Download old versions of apps because the company broke something.

-Detailed phone/memory/cpu info

-Terminal access.

Those are just a few off the top of my head.

This raises the question, who will come up with Apple product features when all the 0days have been patched?
Yeah, I swear. They're a hardware company more than a software one... it shows in their utter lack of imagination for their software. Even their UI/UX design is really suffering compared to their competitors.

Disclaimer: I continue to use an iphone primarily because I'm happy and fine with the walled garden.

With a codebase as large as iOS it's highly unlikely that all 0days will ever be fully patched. Apple is constantly iterating on their code and introducing new features (and bugs) and security engineers are always coming up with new methods to exploit code.
Also, given the age of XNU, kernel developers come and go, and chances are that typical mistakes (for example, improperly using the MIG) get repeated.
Or you could just buy an android and not worry about it.

Not even to fan boy, but half of those are things that android did from the go and the rest have been added or are generally easy to do.

But then we miss out on Apple's hardware quality, industry-crushing A-Series processors, and (for the most part) rock solid and extremely efficient OS.
>But then we miss out on Apple's hardware quality, industry-crushing A-Series processors,

To what end, my 5 year old midrange phone still loads everything instantly (Snapdragon 801). Is there actually any benefit of 'top of the line' mobile CPUs except for mobile gamers?

I was an Android fan for years, but as a kid I'd always wanted an iPhone 4 so I got one recently. At the time there were some weird blocks on everything (I still don't really know what was happening but everything works now) so eventually I just got an iPhone SE (the good one, with the headphone jack). It blew my mind. The animations actually run at high framerates, the keyboard has very little latency, and it just works. I've never tried out a high-end Android that could hold up to my SE based on keyboard latency alone. It makes a really big difference.
You better hope they don't ever bring their premium-priced laptop "hardware quality" to their phones -- failing GPUs, failing monitor ribbon cables, failing keyboards...
iPad Pros are already there, they're so thin they can arrive bent right out of the box.

iPads and iPhones are amazing hardware in every other respect but Apple really needs to chill with the ultra-thin fetish.

(same goes for their PC hardware, but the hardware is not particularly amazing there.)

And worry about something else, like it exploding, or not getting security updates after the first year, or boot loop, etc.
> Like it exploding

That was an issue with one phone, once, and it was a problem with the battery, not Android

> Not getting security updates after the first year

That's actually solved by rooting since you can update from any source instead of just signed packages

> Boot loop

I guess that could be a problem but I've never had that issue and I've rooted all but one phone that I've had

That's NOT solved by rooting - I wish people would stop saying this.

There's two parts to Android patching - the kernel/Android OS itself - yes, this gets patched with a rooted/custom ROM.

Part two is the hardware drivers themselves, the modem driver etc etc. None of that is patched with a custom ROM. You still have to use the same binary blob/drivers that came with the latest official phone firmware.

When security updates stop for your phone, all the updates for the underlying hardware drivers stop too. So yeah, you can slap some bandaids on it, but you're not really up to date even though you might be on a later/more recent version of Android.
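One way to see the split the comment above describes on a real device, as an added example that is not from the thread: Android exposes two patch-level properties, `ro.build.version.security_patch` for the OS image and (on Treble-era devices) `ro.vendor.build.security_patch` for the vendor partition that carries the driver blobs. A custom ROM moves the first; it cannot move the second. The snippet below parses a `getprop` dump and reports how far the vendor level trails the OS level. The dump is a constructed sample with made-up dates, and on a live device you would feed it `adb shell getprop` instead.

```shell
#!/bin/sh
# Added example: compare OS vs vendor security patch levels from a getprop dump.
# Constructed sample of `adb shell getprop` output for a phone whose ROM is
# current but whose vendor blobs are frozen (the dates are made up).
SAMPLE_PROPS='[ro.build.version.release]: [10]
[ro.build.version.security_patch]: [2020-05-05]
[ro.vendor.build.security_patch]: [2018-11-01]
[ro.bootloader]: [unknown]'

# prop_value <dump> <name> -> prints the value of one property in getprop format
prop_value() {
    printf '%s\n' "$1" | sed -n "s/^\[$2\]: \[\(.*\)\]$/\1/p"
}

# patch_lag_months <dump> -> prints how many months the vendor patch level
# trails the OS patch level (both are YYYY-MM-DD). Returns 1 if either is absent.
patch_lag_months() {
    os=$(prop_value "$1" ro.build.version.security_patch)
    vendor=$(prop_value "$1" ro.vendor.build.security_patch)
    if [ -z "$os" ] || [ -z "$vendor" ]; then
        echo "missing"
        return 1
    fi
    os_y=${os%%-*};     os_m=${os#*-};     os_m=${os_m%%-*};   os_m=${os_m#0}
    v_y=${vendor%%-*};  v_m=${vendor#*-};  v_m=${v_m%%-*};     v_m=${v_m#0}
    echo $(( (os_y - v_y) * 12 + (os_m - v_m) ))
}

# Stand-alone usage: on a real phone, replace SAMPLE_PROPS with "$(adb shell getprop)".
lag=$(patch_lag_months "$SAMPLE_PROPS") || exit 1
echo "OS level:     $(prop_value "$SAMPLE_PROPS" ro.build.version.security_patch)"
echo "Vendor level: $(prop_value "$SAMPLE_PROPS" ro.vendor.build.security_patch)"
echo "Vendor blobs trail the OS by $lag months"
```

A lag of zero means the vendor image was rebuilt alongside the OS; a lag of a year or more is the situation the comment describes, where the Android version string looks current but the modem, GPU and other driver code has not been touched.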

Your definition of “solved” is pretty identical to OpenBSD user recommending to “just patch your BIOS”. Demographically this is not a solution, as 99.9999% of the potential audience will never be able to even understand the requirements of that skillset.
> That was an issue with one phone, once, and it was a problem with the battery, not Android

If my house burns down, I personally won't care if it's android in general, the model, or the battery in the android phone which destroyed everything I own.

> That's actually solved by rooting since you can update from any source instead of just signed packages

Installing software downloaded from xda-developers is, what I like to call, malware as a service (tm).

That's like saying that all Apple products suck because they bend, antenna doesn't work, keys stop working and screens start to stain.

Like the person said, it was literally one Samsung model that had issues and it could just as well have been an iOS device. Looking at how many recalls and repair programs they have for design flaws, I don't think anyone should paint Apple as the better side here.

Can you link me to a custom ROM on XDA that was shown to have Malware?
You need to do a bit more research because of the sheer number of options, but there are absolutely manufacturers that have none of those issues (battery exploding was one Samsung model, I haven't heard of boot loop issues. Poor security update lifetime is absolutely a common issue, although fixable by rooting as pointed out in another comment). See: Android One^.

^https://en.wikipedia.org/wiki/Android_One

Also iPhone lifetime is a bit of a joke. I mean, Apple got caught literally slowing their older models down on purpose in order to have people switch into newer models.

I haven't gotten as much mileage on my Android phones as compared to my 4S, but the 4S cost about 3 times as much as the Android phones I usually buy and 3 lower-end-ish Android phones serve me easily for 10 years with no issues.

> "Apple got caught literally slowing their older models down on purpose in order to have people switch into newer models."

"Apple denied wrongdoing and settled the nationwide case to avoid the burdens and costs of litigation, court papers show." - https://www.reuters.com/article/us-apple-iphones-settlement-...

They haven't been "caught" doing that; they have been accused of that. Why is it the stupid conspiracy theory which wins the popularity contest, instead of the much more annoying true story - Apple cheaped out on batteries which couldn't provide enough current to run the phone as they aged? Or, just as factual, Apple slowed down the phone to keep it working longer on the same hardware thus making people avoid having to buy new phones.

> 3 lower end-ish Android phones serves me easily for 10 years with no issues

Are there any lower-end phones that get security updates for 3 years?

> buy an android

> not worry about it.

I’m sorry, but this feels like a lie. I’m not trying to troll here, but most Android IT-level users I know flashed a custom ROM already and actually buy their devices based on whether or not LineageOS has support for it.

Almost all Android devices are non-Google devices, which makes their OEM state bloated with custom sync crap nobody even wants to use but have no choice.

Xiaomi, Motorola, Lenovo, Huawei, HTC ... all force their own shitty half-working synchronization platforms up their users’ phones. And I bet that this happens with major GDPR violations.

As an Android “user” I do not recommend using Android for people that do not want to “worry about it”. And product wise I think that’s a huge quality issue.

Look at the attacks on various human rights activists: those are using the same exploits that jailbreaks use.

Fixing bugs used to attack people means fixing bugs used for jailbreaks. There isn’t some magical mechanism by which a jailbreak exploit isn’t exploitable by anyone else.

In other words:

The current model fails to protect people anyway while providing an extremely strong incentive for the community to publish software that undermines the “security” of the device.

Of course, removing the need to jailbreak for such control would mean that this dichotomy would not have to exist…
If you remove the need for a jailbreak in order to allow arbitrary code to run on any device, you're allowing arbitrary malware to run on any device.
The problem is not running arbitrary code, but running arbitrary code without informed consent. Malware runs without consent. Apple's solution for iOS is removing the ability to run anything completely, bypassing the need to figure out how to obtain consent.
> bypassing the need to figure out how to obtain consent

How do you propose getting “informed” consent from an audience who doesn’t care and willingly expose everything about themselves and everyone they know to find out which Star Wars character or 80s pop song they are most like? Genuine question, as this doesn’t seem the least bit a solved problem anywhere.

It's not an easy problem! But Apple should work on solving it–they have already put in some effort in this direction on macOS, although they have their hands tied behind their back there because they're going from unrestrictive → restrictive and such changes usually break things and make people angry. On iOS they pretty much have a "clean slate" with which to start with.

Usually, solutions in this area generally have a couple of characteristics: the first is that the "secure" case is generally useful for 95+% of people, to the point that they might not even know that there are other "modes" that are more permissive. The second is putting surmountable but significant barriers in place to prevent disabling these features, in an attempt to prevent casual/unintentional deactivation. Strange key combinations that lead to scary text and wiping the device seem to be fairly effective in keeping out people who cannot give informed consent. And a third is allowing a user-specified root of trust: for example, one can imagine an iPhone that is every bit as secure as any other iPhone today because I have enabled all the security features, but it's using my keys to attest against instead of Apple's. There's a lot of interesting work being done in this area: one I personally like is Chromebooks, which have the dual purpose of being secure, "locked-down" devices for general consumer use, but also for being useful for development work. And there we're seeing interesting solutions such as using KVM to run an isolated Linux, developer mode, write protect screws, …

I don’t understand why people think that because some people are clumsy the rest of us have to live in a straitjacket.
To be more specific, the problem is that malware is a separate category from useful and harmless application code that people want to run but that Apple doesn't want to allow for a variety of reasons, but Apple forbids both types of software.

(Focusing on user consent obscures the actual problem; people often consent to running malware. What matters is whether the software to be run is useful and harmless.)

> people often consent to running malware

Ah, but not in an informed way–users don't typically run software they know to be harmful/useless :P (And no, telling them that it is harmful isn't apparently enough to inform them…) But I agree with the first part.

Bootloader unlock is the way that works on Android. It forces the user to erase data when unlocking it, and the unlocked status is shown on the boot screen.
> Look at the attacks on various human rights activists

I believe all these begin with browser or existing-app based exploits.

None of them seem to rely on tricking the user into installing a new app. That would be too suspicious for the user, and would entail the attacker uploading their exploit code to apple, and giving apple a full list of users who they exploited...

Not sure if this call is allowed through the new syscall filter in WebKit, but before it this was one JavaScriptCore bug away from achieving the same thing.
> Apple's probably not going to let an app exploiting this zeroday into its App Store...

Are you sure about this?

I'm far removed from the app store development world, but a cursory glance at the description and the original lightspeed bug seem to indicate this is a problem within the kernel interface, and as such I assume callable by any application??

Sorry, I could be missing something, just curious why this couldn't occur in the app store.

I think the implication was that App Store review would catch such things. Personally, I'm not so sure, considering that Snapchat currently ships a binary with syscall instructions embedded in it.
It is likely this is a heuristic; Apple would lose out disallowing major companies, so rules are sometimes shifted, if not explicitly for all. Snapchat being pulled would cause a minor exodus, I imagine, especially if it was heavily leaned on that Apple were responsible for their removal.
That is likely true, but slipping in a call to list_lio would be really easy to do. Even if they had a check for the syscall instruction in this case, you could just ROP your way to libc…
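The two comments above turn on whether a static review pass can spot a raw syscall instruction in a shipped binary, and why that check is only a heuristic. As an added example, not code from the thread or from Apple, here is the check itself on AArch64: every `svc #imm16` encodes as `0xD4000001 | (imm16 << 5)`, so masking an instruction word with `0xFFE0001F` and comparing it to `0xD4000001` finds all of them, and the XNU BSD trap is `svc #0x80`. The two "text sections" are hand-assembled byte strings constructed for this example (the `bl` target is a zero placeholder, not a real stub). The second one reaches the kernel through a library call and contains no `svc` word at all, which is exactly the gap a `bl` into libSystem, or a ROP chain into it, slips through.

```c
/* Added example: scan an AArch64 text section for raw supervisor-call
 * instructions. Encoding of SVC: 1101 0100 000 imm16 000 01, i.e.
 * 0xD4000001 | (imm16 << 5). XNU's BSD syscall trap is svc #0x80 = 0xD4001001. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SVC_MASK  0xFFE0001Fu
#define SVC_MATCH 0xD4000001u

/* Decode one little-endian 32-bit instruction word. */
static uint32_t read_insn(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 1 if insn is any SVC and stores its 16-bit immediate in *imm. */
static int is_svc(uint32_t insn, uint16_t *imm) {
    if ((insn & SVC_MASK) != SVC_MATCH) return 0;
    *imm = (uint16_t)((insn >> 5) & 0xFFFF);
    return 1;
}

/* Walk a 4-byte-aligned text section, count SVC instructions and record the
 * byte offset of each one in offsets[] (up to max). Returns the total count. */
size_t count_svc(const uint8_t *text, size_t len, size_t *offsets, size_t max) {
    size_t n = 0;
    for (size_t off = 0; off + 4 <= len; off += 4) {
        uint16_t imm;
        if (is_svc(read_insn(text + off), &imm)) {
            if (n < max) offsets[n] = off;
            n++;
        }
    }
    return n;
}

/* Constructed sample: exit(0) via the raw trap, then a normal epilogue.
 * Hand-assembled for this example. */
static const uint8_t SAMPLE_TEXT[] = {
    0x00, 0x00, 0x80, 0xD2, /* mov  x0, #0                          */
    0x30, 0x00, 0x80, 0xD2, /* mov  x16, #1   (SYS_exit on XNU)     */
    0x01, 0x10, 0x00, 0xD4, /* svc  #0x80     <- raw syscall trap   */
    0xFD, 0x7B, 0xC1, 0xA8, /* ldp  x29, x30, [sp], #16             */
    0xC0, 0x03, 0x5F, 0xD6, /* ret                                  */
};

/* Constructed sample with the same intent via a library call: no SVC word
 * exists for the scanner to find. The bl target is a zero placeholder. */
static const uint8_t SAMPLE_TEXT_INDIRECT[] = {
    0x00, 0x00, 0x80, 0xD2, /* mov  x0, #0                          */
    0x00, 0x00, 0x00, 0x94, /* bl   <exit stub>  (placeholder rel 0) */
    0xC0, 0x03, 0x5F, 0xD6, /* ret                                  */
};

size_t sample_direct_svc_count(void) {
    size_t off[4];
    return count_svc(SAMPLE_TEXT, sizeof SAMPLE_TEXT, off, 4);
}

size_t sample_direct_svc_offset(void) {
    size_t off[4] = {0};
    count_svc(SAMPLE_TEXT, sizeof SAMPLE_TEXT, off, 4);
    return off[0];
}

size_t sample_indirect_svc_count(void) {
    size_t off[4];
    return count_svc(SAMPLE_TEXT_INDIRECT, sizeof SAMPLE_TEXT_INDIRECT, off, 4);
}

int main(void) {
    size_t off[4];
    size_t n = count_svc(SAMPLE_TEXT, sizeof SAMPLE_TEXT, off, 4);
    for (size_t i = 0; i < n; i++)
        printf("direct sample: svc at text offset 0x%zx\n", off[i]);
    printf("indirect sample: %zu svc instructions\n", sample_indirect_svc_count());
    return 0;
}
```

Run against a real Mach-O you would point `count_svc` at the `__TEXT,__text` section bytes; the scan is cheap and catches the naive case (a developer hand-rolling a trap), but the second sample shows why a reviewer cannot treat its absence as proof that an app never makes an unexpected kernel call.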
It would probably kill snapchat and force many groups to other platforms.
It’s possible for both to happen. People might switch chat apps in the short term, but reconsider buying an iPhone in the next cycle (esp. if Apple makes a habit of killing off popular apps).
The second paragraph of the article covers this:

> I wanted to find the vulnerability used in unc0ver and report it to Apple quickly in order to demonstrate that obfuscating an exploit does little to prevent the bug from winding up in the hands of bad actors.

Maybe this should read "that obfuscating an exploit does little to prevent the bug from winding up in the hands of a talented full time security researcher".

Of course if he was this talented, surely he would routinely diff new kernel versions and realize the old bug had been reintroduced before having to rediscover it in a jailbreak?

I'd make sure I had a solid foundational basis before calling anyone on the PZ team untalented ;)

He abused the jailbreak to cause a crash. A talented researcher would try that before diffing kernel binaries.

> talented full time security researcher

If a single security researcher can de-obfuscate it in under a day, then a nation state with huge funding can too. Maybe not in a day, but eventually.

The existence of jailbreaking fundamentally breaks the security of the device. It means any malicious app that manages to get on your device can turn into a full system compromise. It means any RCE can as well.
It always depends on which side of "security" we're talking about. You could argue that not having access to security tweaks & not being able to see what's going on because the OS is so locked down is a security issue in itself which can be solved by jailbreaking.

Currently, sharing security issues with Apple is a guarantee that the tooling you are using to get access to your device won't work anymore; there's definitely a bad incentive to not report security flaws at the moment.

That's right, which is why we called it "jailbreaking" in the 1990s when someone got mad at you on IRC and jailbroke your machine and stole your mail spool. I mean, jailbroke your mail spool.

I take your point, which is that jailbreaking is good if what you want is to run random unapproved code on your machine. But you didn't seriously engage with the comment you rebutted, because it is also true that jailbreak prevention prevents persistent kernel compromise --- is in fact a predicate for preventing persistent kernel compromise --- which is a thing that really does happen; in fact, it's far more relevant to the overwhelming majority of Apple users than running unapproved code is.

I don't really have the same opinion on this, I consider the obscurity of the platform a security issue by itself. At the end of the day, remote jailbreak exploits are pretty rare nowadays so you need to have a real access to the machine.

To have an idea if an app is sharing your data you need to be jailbroken, to have an idea of what is being sent from your device you need to be jailbroken, to force a stricter control on apps you also need to be jailbroken. I mean, you get the point. Any action you could do regarding security requires you to be jailbroken first.

We're discussing this on a story about an untethered jailbreak --- a kernel RCE.
Yes that's true indeed, I was talking in general. Maybe having a more open device would help get security fixes faster? One of the main reasons this exploit was heavily obfuscated was to keep Apple from patching it.
This is neither untethered nor RCE.
Tethered, not untethered. There hasn’t been a tethered jailbreak in quite a while.
There are lots of ways apps can run arbitrary code, so stopping them via the app store is not feasible. Myself I'm happy my phone is safer.
> unless you disable auto-updates and tap "Later" on every update notification

Some of us do that for this exact reason. I wish there was a way for me to just pick software to give root to though, this is way less secure.

This is how it works on Android. Generally on a rooted phone you have a 'manager' like Magisk or Superuser. The first time an application tries to use root, the manager makes a popup and allows you to grant permission temporarily or forever.
I 100% agree but then again, people choose to buy those products so..