iOSDevSWE

lkrupp said:

iOSDevSWE said:

wood1208 said:

No biggy. It's software bug so will be fixed in dot release.

You don’t seem to grasp the depth of this exploit. Any app could have been downloading everyone’s contacts. It is one of the worst exploit I’ve ever heard of. There is no way to get rid of it. Oh yeah: switch off your phone!

Bullshit. Give us your real name and security expert credentials and then maybe we’ll pay attention. Otherwise you are just an anonymous tech blog chicken little. How many times have we had to endure predictions of doom by a user claiming to have 30 years experience in IT and a literal God of the internet, only to find out those predictions were baloney?

Haha, your comment proves you are not a developer. You don’t need any of my credentials, you can try it yourself! Just do like me: you go to GitHub we’re the code is: https://github.com/illusionofchaos/ios-gamed-0day then install it on your iPhone. You are not a developer but you can install it on your phone by first downloading Xcode on your Mac (free). Then register an AppleID (free). As a non developer you are authorized to install max 3 apps which is enough here. When Xcode is installed open up the .xcodeproj file you downloaded from GitHub. Change in “Signing” to your “appleID”. After that can you try the app! You will see just like me several rows (a List since the dev wrote the code in SwiftUI). The first one links you to all your Contacts, interactions with them with many details. After that the row supposed to display “speedDial” fails so I can’t see any phone calls, instead comes a line pointing to pictures from your contacts. Later on details about your Game Center ID (AppleID, Full name and surname).
I’m not only an iOS developer, I’m also a mobile pentester with GIAC certification from my SEC575 sans.org course: I tried to use exploit to show info about the IMSI info (xpc service mmcs.plist) but did not manage it.
So no, I’m not alarmist, I just tried the code myself instead of just reading the info. 

wood1208 said:

No biggy. It's software bug so will be fixed in dot release.

You don’t seem to grasp the depth of this exploit. Any app could have been downloading everyone’s contacts. It is one of the worst exploit I’ve ever heard of. There is no way to get rid of it. Oh yeah: switch off your phone!

What a huge mistake from Apple! With the Game Center exploit I manage to retrieve all contacts from the address book! Even after I deployed a profile disabling Game Center! This is not good at all.
Apple will surely put that on Corona and difficulties to coordinate, but still, this is really not good as any developer that also new about this exploit could have used it.
Looking forward to reading the excuse from Apple.
When do you think Apple will release a new iOS software update?

“Update not found” ... the quality of service has dropped at Apple...

Rayz2016 said:

iOSDevSWE said:

https://developer.apple.com/documentation/apple_silicon/about_the_rosetta_translation_environment

Apple Silicon is using arm64 instruction set. Period.

Yup. We know. 

If everybody knew Canukstorm and I would not have to state the obvious. That’s why I wanted to clarify this once for all with a link to Apple’s website stating it is arm64. You said “Yes we know” but you were excluding those that wrote stupid things here thinking it is not. 😉