EsquireCats

Not measured here are the myriad of other issues with the LG UltraFine 5k, including:
1. slow wake time or more rarely unresponsive to waking.
2. backlighting issues best described as the macbook “stage light” problem.
3. The “hydraulic” adjustment system is jerky and requires two hands to operate, it’s also is easy to de-level the screen.
4. The apple community forums are full of system crash complaints related to the LG screen. Particularly if using a macbook pro with dual GPUs.
5. Colour consistency is poor with a noticeable gradient.
6. Sometimes the display will wake with a stripe of offset pixels.

One final note: the apple display has their typical hard glass surface, the LG has no protection, it’s just the cheaper plastic-feeling deformable/soft layer

 h4y3s said:

Anyone have more details?

Here is the first part of the deep dive: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

to over-simplify it (because it truly is a nation-state level hack.)
1. Overflow in a seldom used dependency that is actioned prior to blastdoor.
2. That overflow is carefully manipulated to utilise certain features of an image decompressor to establish a basic set of operators (AND/OR/XOR etc.) These are the fundamental building blocks of electronics circuits, aka processing on a computer.
3. Those building blocks are then used to build (I'm not joking) a full computer architecture including registers, a full 64-bit adder and comparator which then runs the relevant scripts to boot strap the next stage of the hack.
4. The article stops here, but the next part will detail how this is used to break through the relevant sandboxing to the installation of the spyware.

The fragility of it is exceptional, but the time and cost to develop such an exploit is what's more remarkable. It also forms a good argument about removing seldom used features and retiring old standards. The JBIG2 format provided the necessary tools for this exploit to run, but also is largely irrelevant and seldom used. It may just be better to remove that functionality altogether. (JBIG2 decoding is included as part of support for PDFs.)

Edit: Just as follow-up, Apple made a number of changes to address this entry method. Moving more areas to inside Blastdoor as well as greatly restricting the number of available formats available for Messages (i.e. just the ones it's meant to support.)

ravnorodom said:

Go figure. Apple. That's why CCP leaves Apple alone vs. other U.S. companies. To do business in Asia, all you have to do is bribe to get your place secured.

That’s the problem with the report and this line of thinking; the CCP don’t leave Apple alone - regular readers of apple news can trivially recall numerous recent examples where the CCP’s state controlled media have encouraged Apple boycotts and similar.
Apple have incredibly limited activities in the country and don’t even have some of their most basic services available. 

If there is a deal - it’s a bad one because Apple is not getting anything out of it - rather it appears whatever tolerance the CCP has for Apple is driven by their indirect employment of millions of workers through device production. 

AppleCare+  goes well beyond the territory of the general warranty and does provide real value.

• On theft/loss it is SIGNIFICANTLY cheaper than the equivalent portable contents insurance
• the device replacement speed is literally 1-2 days versus months with insurance, they'll also pre-ship you a replacement so you don't have to go without.
• Glass/Screen repair can be done at your home
• Battery replacement makes an older device like new, they'll do it for anything under 80% capacity

That's not to say that everyone will want these things, but for the price being paid Apple's coverage is inexpensive in comparison to the market and exceedingly generous.

The higher-end lossless options will have data rates that exceed a lot of peoples peak broadband internet speed.