this post was submitted on 08 Sep 2023

243 points (98.8% liked)

Privacy

30856 readers

689 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

243

0-Day Remote iPhone Full Access Being Abused, Update Immediately (citizenlab.ca)

submitted 11 months ago by [email protected] to c/[email protected]

23 comments fedilink hide all child comments

all 27 comments

sorted by: hot top controversial new old

[–] [email protected] 71 points 11 months ago (2 children)

Couldn't think of a better title, TL;DR via receiving an iMessage with a specially crafted image, an attacker can get full access to your device. Update iOS immediately to resolve the issue

[–] fartsparkles 38 points 11 months ago (1 children)

PSA: Android just published a patch for a very similar vulnerability in their September Security release. You should update your Android devices ASAP.

[–] [email protected] 14 points 11 months ago (1 children)

Which CVE is that and where can i read a description of how this vulnerability is being used?

[–] fartsparkles 6 points 11 months ago

CVE-2023-35674 No real details published yet but Google discussed it in their September security bulletin.

[+] [email protected] -71 points 11 months ago* (last edited 10 months ago) (4 children)

[deleted]

[–] [email protected] 50 points 11 months ago* (last edited 11 months ago)

Get off that high horse.

[–] [email protected] 20 points 11 months ago (2 children)

How do you block MMS from unknown senders on iOS?

[–] [email protected] 6 points 11 months ago

Settings > Messages > SMS/MMS > MMS Messaging (uncheck)

And/Or

Message Filtering > Filter Unknown Senders (checked)

Those seem to be the likely options, but I’ve zero idea if those will work.

[–] [email protected] 12 points 11 months ago* (last edited 11 months ago) (1 children)

at this point most iphone users are very much used to reicive images within imessage and have already forgotten that mms existed or are too young to actually ever had to deal with it, so to them it's just yet another picture.

[–] [email protected] 5 points 11 months ago

I'd never get random dick pictures that way though.

[–] [email protected] 17 points 11 months ago

Damn…so this isn’t the fun kernel level access exploit.

This is the boring, my data could be compromised exploit.

[–] [email protected] 12 points 11 months ago

Fuck, the NSO group managed that shit again?!

[–] [email protected] 9 points 11 months ago (2 children)

lmao, iMessage again ? zero user interaction needed, again ?!

Well done Apple

[–] fartsparkles 42 points 11 months ago* (last edited 11 months ago) (2 children)

It’s literally been 3 days since Android had a vulnerability of this exact nature: remote code execution with zero user interaction required (CVE-2023-35674).

Every piece of software has vulnerabilities lurking within. What matters is the velocity at which vendors address and resolve those vulnerabilities. Apple and Google are both exemplary at getting patches out quickly.

[–] [email protected] 15 points 11 months ago (1 children)

Stop bringing up old news. We're hating on Apple today!

[–] fartsparkles 3 points 11 months ago

Oops! I forgot to check the schedule.

[–] planish 0 points 11 months ago (1 children)

Every piece of software has vulnerabilities lurking within.

Remind me why we put up with this again? Formal verification does exist.

[–] fartsparkles 3 points 11 months ago

Formal Verification doesn't guarantee that the code is free of vulnerability, it just increases confidence in its security. It’s never perfect.

[–] [email protected] 6 points 11 months ago

butbutbut... blue box

[–] [email protected] 7 points 11 months ago* (last edited 11 months ago)

Article missing, here is the archive link. https://web.archive.org/web/20230908134811/https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/

Edit: able to access now but I'll leave it here just in case.

[–] darcy 3 points 11 months ago

ios "the more secure choice" try not to have a 0-day exploit challenge

[–] [email protected] 2 points 11 months ago

Lockdown mode stops it.