Kaspersky/Securelist researchers detail zero-click iPhone exploit involving four distinct zero-day vulnerabilities, including undocumented hardware features in iPhone chips
Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.
Makes me laugh because of how cultishly people claim iphone is secur, yet we keep hearing how susceptible it really is to attacks. There is a real disconnect there.
I would feel foolish making these claims, and paying more for a device that's only real achievement is a walled garden.
This is kind of a ridiculous take. I hate iPhones, but this is not a "hurr durr iPhones bad and insecure" moment. I implore you to look at the sophistication of this attack. The attack chain is so ridiculously long and complex, and only because of the security of the iPhone. This is not a script kiddie attack, and could only be executed by a very determined party.
No device is secure, and any and all computers could potentially fall victim to an attack like this, but it is absolutely ignorant to say that iPhones don't offer any more security than other devices.
Yeah absolutely. This line from the article summs it up pretty well...
""What we do know—and what this vulnerability demonstrates—is that advanced hardware-based protections are useless in the face of a sophisticated attacker as long as there are hardware features that can bypass those protections.""
Edit: We also have no idea how many zero days there are in Android, either. 🤷♂️ But at least it's a bit more open source than iOS 😂
Yeah. The moral is "every and all devices have an unknown number of zero-days inactive or actively being exploited at any given time", not "iPhone is just as insecure as everything else". There's a difference, and credit is deserved where it's due.