dshanah

  • USB-C on iPhone is good - but not as an excuse for a bad law

    miguelghs said:
    This article is wrong on so many levels. I keep seeing media and blogs obsessing about Apple but what they fail to see is that I have to keep a cable for my phone, a cable for my headphones, a cable for my computer, a cable for my watch, a cable for my tablet, etc. etc… and like me, there are many others.

    I wish this law was approved many years ago and we wouldn’t have to deal with this mess. 
    But the law isn't supposed to be about needing different cables, it constantly refers to "chargers" and how wasteful it is to have to buy and own different chargers for different devices. Which you don't, all you need is compatible cables. 

    The law's drafters seem to think that the cables are still permanently attached to the chargers like in the old Nokia flip phone days. They don't seem to realise that you can buy cables separately from chargers. Cables are cheap, they are easily obtainable, they come in the box with most devices and they don't create much e-waste compared to the chargers themselves. You can use older chargers with newer devices, all you *may* need is a different cable.
  • Apple says iOS Mail vulnerabilities do not pose immediate threat, patch coming

    As I understand it, the Mail bugs by themselves are not enough to give a remote attacker control of the iPhone, enable them to install malware/spyware on it, etc. But, if combined with another exploit, likely a zero day kernel vulnerability, the attacker can then compromise the device. And it seems that there may be one or more zero day iOS kernel vulns out there that some attacker(s) are using, along with these Mail bugs, against specific targets — these are the "in the wild" attacks ZecOps came across and are talking about. The attacks are probably being conducted by nation state actors, think NSA, China, NK, Saudi Arabia, etc. Problem is ZecOps apparently don't know the details of the kernel vuln(s) these attacks used, just the Mail vulns that the attacks use to start the process, and Apple likely don't know the details of the other vulns either. Yet. So both parties are telling the truth, but only part of it — ZecOps have found targeted attacks on individuals that use these Mail vulns as part of the process, but all they could tell Apple the details of was the Mail bugs. And Apple are correctly stating that by themselves these Mail vulns are not sufficient to threaten iOS users' security. What Apple don't want to admit publicly is that there may be one or more other, unknown, bugs out there that when combined with these Mail bugs do threaten users' security. I guess it's even possible that the kernel vuln(s) the ZecOps attacks used have already been patched in a recent(ish) iOS update but were used against targets who had not installed the patched version for whatever reason (we've no idea when these victims were attacked, maybe before the patch was available?).