Yet another Astoundingly Huge Massive Indiscriminate iPhone Hack Has Been Going Strong for Two Years! (it never ends)

[Arlen G. Holder]

Yet again, Apple apparently prefers to highly advertise the mere _illusion_
of security, instead of actually providing anywhere near the advertised
level of security.

Basically, Apple doesn't even bother to test sufficiently for security.
o Advertising imaginary functionality is so much easier than delivering it

What's funny is the average iOS user feels safe by the mere diarrhea of
frequent (yet extremely insecure) iOS releases, without these users ever
realizing that every release from iOS 10 to 12 was allowing personal data
to be easily indiscriminately harvested by hackers.

The fact Apple merely _advertises_ security - without actually delivering it
o Is doing a great disservice to Apple users because they _feel_ safe
o Without ever actually being safe.

FACTS:
o A very deep dive into iOS Exploit chains found in the wild
<https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html>

o Google Says Malicious Websites Have Been Quietly Hacking iPhones for Years
"It may be the biggest attack against iPhone users yet."
<https://www.vice.com/en_us/article/bjwne5/malicious-websites-hacked-iphones-for-years>

o Massive iPhone Hack Uncovered by Google: What You Need to Know
<https://www.tomsguide.com/news/thousands-of-iphones-secretly-hacked-for-years-google-reveals>

o These malicious website exploits targeted iPhone users for years
<https://macdailynews.com/2019/08/30/these-malicious-website-exploits-targeted-iphone-users-for-years/>

What's funny is that iOS users tend to "feel" safe by the diarrhea of all
these untested iOS releases - when the facts show that they are full of
security and privacy holes so big you can drive a bus though them.

Fact is, and the proof shows ... Apple never tests iOS sufficiently
o It's so much better to highly advertise the mere _illusion_ of
functionality than to actually deliver on the promises Apple makes.

[Arlen G. Holder]

On Sat, 31 Aug 2019 02:32:27 -0000 (UTC), Arlen G. Holder wrote:

> Basically, Apple doesn't even bother to test sufficiently for security.
> o Advertising imaginary functionality is so much easier than delivering it

a. Apple doesn't test the diarrhea of iOS releases sufficiently
b. Never trust anything Apple says in the iOS release notes

FACT:
Apple didn't find these "terrible" security holes - Google found them.
"On February 1st 2019 Project Zero reported to Apple that they had
detected a set of five separate and complete iPhone exploit chains
affecting iOS 10 through all versions of iOS 12 not targeting specific
users but having the ability to infect any user who visited an infected
site."
<https://en.wikipedia.org/wiki/Project_Zero>

FACT:
o Apple fixed these "terrible" bugs in iOS 12.1.4
"Apple fixed the exploits in the release of iOS 12.1.4 on February 7th, 2019."
<https://en.wikipedia.org/wiki/Project_Zero>

FACT:
o Malicious Websites Have Been Quietly Hacking iPhones for Years
o It may be the biggest attack against iPhone users yet.
<https://www.vice.com/en_us/article/bjwne5/malicious-websites-hacked-iphones-for-years>

LOGICAL ASSESSMENT:
o It's a hugely big deal in terms of security holes for multiple releases
o And yet, you wouldn't know anything about it from Apple's release notes
<https://support.apple.com/en-us/HT209520>

Apple severely downplayed it as a single "memory corruption" issue:
"A memory corruption issue was addressed with improved input validation."

Yeah. Right. That's basically a lie given it was 14 separate issues, at
least one of which was a zero-day exploit, that spanned the gamut of
releases pervading all layers of the operating system.
o The facts are clear - where you can make your own _adult_ assessment.

LOGICAL ASSESSMENT:
o *Apple never tests the diarrhea of iOS releases sufficiently*
To wit: "The root causes ...ere are not novel and are often overlooked [by Apple QA testing]".
<https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html>

LOGICAL ASSESSMENT:
o *"Don't ever trust anything that Apple says in their release notes"*
To wit: "Working with TAG, we discovered exploits for a total of fourteen
vulnerabilities across the five exploit chains: seven for the iPhone┬ web
browser, five for the kernel and two separate sandbox escapes."
<https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html>

[Alan Baker]

On 2019-09-02 3:56 p.m., Arlen G. Holder wrote:
> On Sat, 31 Aug 2019 02:32:27 -0000 (UTC), Arlen G. Holder wrote:
>
>> Basically, Apple doesn't even bother to test sufficiently for security.
>> o Advertising imaginary functionality is so much easier than delivering it
>
> a. Apple doesn't test the diarrhea of iOS releases sufficiently

Why are you calling their releases "diarrhea"?

> b. Never trust anything Apple says in the iOS release notes

Which notes would that be?

[Arlen G. Holder]

On Mon, 2 Sep 2019 22:56:14 -0000 (UTC), Arlen G. Holder wrote:

> LOGICAL ASSESSMENT:
> o *Apple never tests the diarrhea of iOS releases sufficiently*
> To wit: "The root causes ...ere are not novel and are often overlooked [by Apple QA testing]".
> <https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html>
>
> LOGICAL ASSESSMENT:
> o *"Don't ever trust anything that Apple says in their release notes"*
> To wit: "Working with TAG, we discovered exploits for a total of fourteen
> vulnerabilities across the five exploit chains: seven for the iPhone┬ web
> browser, five for the kernel and two separate sandbox escapes."
> <https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html>

Adults need to be able to do two very simple things:
a. Comprehend basic facts, and,
b. Form logical assessments of those facts.

FACTS:

There are _plenty_ of facts, but all you need are two sets, Alan Baker:
A. <https://support.apple.com/en-us/HT209520>
B. <https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html>

Any adult will be able to comprehend the facts in those two references.
o Any adult can then form a logical assessment from those facts.

LOGICAL ASSESSMENT:

The facts clearly support the logical assessments
1. Apple (yet again) didn't test the diarrhea of iOS releases sufficiently
2. Don't every trust anything that Apple says in their release notes

ADULT DISCUSSION:

By now you should be aware that these exploits were sophomoric, where that
is proof enough that Apple didn't even bother to test the diarrhea of iOS
releases (where this quote from the reference above is telling):
"The root causes I highlight here are not novel and are often
overlooked: we'll see cases of code which seems to have never worked, code
that likely skipped QA or likely had little testing or review before being
shipped to users."

By now even you should be aware of the basic fact that this "terrible" set
of flaws shipped for _years_ in _multiple_ iOS releases, right?

And, even you should be aware by now that the huge number of flaws spanned
the entire gamut of the operating system for a total of fourteen
vulnerabilities across the five exploit chains: seven for the iPhone's web

browser, five for the kernel and two separate sandbox escapes.

And yet, all Apple says about the exploits in its release notes is that
they fixed a single memory corruption issue.

In summary, Adults should be able to do two basic things, Alan Baker:
a. Comprehend basic facts, and,
b. Form logical assessments of those facts.

The fact is that Apple clearly lied by calling the fourteen issues which
spanned the layers a single memory corruption issue.

Since my belief system is not only based on facts, but bolstered by facts,
if you wish to dispute those logical assessments above, all you need to do
is provide FACTS which support your contrarian point of view, Alan Baker.

BTW, since you apologists own the minds of children, we can't even touch
the real issues here, which is the logical assessment that Apple's
(admittedly brilliant) marketing of the mere _illusion_ of security does
everyone who owns iOS a supreme disservice, where, Google put it this way
in the references above:
"Real users make risk decisions based on the public perception of the
security of these devices."

That logical assessment is easily understood by adults, Alan Baker.
o But there's no way we can get to that level with you in this thread.

[Alan Baker]

On 2019-09-02 4:11 p.m., Arlen G. Holder wrote:
> On Mon, 2 Sep 2019 22:56:14 -0000 (UTC), Arlen G. Holder wrote:
>
>> LOGICAL ASSESSMENT:

>> o*Apple never tests the diarrhea of iOS releases sufficiently*

>> To wit: "The root causes ...ere are not novel and are often overlooked [by Apple QA testing]".
>> <https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html>
>>
>> LOGICAL ASSESSMENT:
>> o *"Don't ever trust anything that Apple says in their release notes"*
>> To wit: "Working with TAG, we discovered exploits for a total of fourteen

>> vulnerabilities across the five exploit chains: seven for the iPhone¢s web

>> browser, five for the kernel and two separate sandbox escapes."

>> <https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html>
> Adults need to be able to...

...back up their claims?

I agree.

So why don't you?

[nospam]

In article <qkk7ju$ebt$1...@news.mixmin.net>, Arlen G. Holder

<arlen.g...@arlenholder.net> wrote:

>
> Adults need to be able to do two very simple things:

1. not troll
2. understand what a fact actually is.

[Arlen G. Holder]

On Mon, 2 Sep 2019 16:15:38 -0700, Alan Baker wrote:

> ...back up their claims?
>
> I agree.
>
> So why don't you?

Hi Alan Baker,

Adults are supposed to be able to comprehend basic facts
o And then, adults are supposed to be able to form logical assessments

Adults can assess the facts which clearly support the logical assessment:
o Don't ever trust anything that Apple says in their release notes

FACT:
o Apple release notes refer to a *single* memory corruption issue
o Which turns out to be a devastatingly huge set of flaws
o Spanning _years_ and multiple iOS releases (all insufficiently tested)
o Encompassing 14 different exploits (many of them sophomoric)
o Involving all levels of the clearly untested iOS diarrhea of releases

LOGICAL ASSESSMENT:
o And yet, Apple essentially lies, calling it a mere single memory issue.

Worse - these 14 issues were easily found if Apple actually did QA testing
o Which clearly, Apple did not sufficiently perform on the iOS diarrhea

Google said it best when Google said that these bugs were _easy_ to find.
o And yet, as always, Apple didn't sufficiently test its iOS diarrhea

Given we've already proven what Apple "said" in its release notes:
o About the security content of iOS 12.1.4
<https://support.apple.com/en-us/HT209520>

As adults, let's look at how the media interpreted those release notes.
o Shall we?

Let's start with Forbes on the release date of Feb 7, 2019, 01:21pm
o Apple Releases iOS 12.1.4: Details About The Important Update You Should Know
<https://www.forbes.com/sites/amitchowdhry/2019/02/07/ios-12-1-4-features/#5fd5af596c8a>

Just _look_ at the first line of that aricle if you want an understatement:
"Today Apple has released iOS 12.1.4, which is a minor point update that
does not contain any major features."

Then, _look_ at the second line, for yet another astounding understatement!
"However, iOS 12.1.4 fixes what is considered one of the worst bugs in
iOS history."

Adults will note that this "worst bug" in iOS history is NOT the
devastatingly huge bugs that we're talking about in this thread.

Nope. That's ANOTHER set of bugs, which pale in comparison to this set of
bugs, which is, you have to admit, kind of funny if it wasn't so sad.

This bug was not found by Apple's insufficient QA - but by a 14-year old
child, Alan Baker.

Fancy that.

A child easily found horrific bugs in the iOS release that Apple QA didn't
find, where the facts clearly show Apple never tests the iOS diarrhea
sufficiently.

And this was not just some ordinary bug - Alan - it was a biggie.

"The bug enabled users to access the audio and video of any iPhone
running iOS 12.1 or later without being detected."

While you apologists don't own the adult mindset to appreciate these facts
a. The fact is that Apple hugely downplayed the devastatingly huge impact
of these bugs - where - what's funny - is that Apple _already_ had
devastatingly huge iOS bugs ALREADY in that same release!

Adults can assess the facts which clearly support the logical assessment:
o Don't ever trust anything that Apple says in their release notes

[Arlen G. Holder]

FACT:
o Malicious Websites Have Been Quietly Hacking iPhones for Years
o It may be the biggest attack against iPhone users yet.
<https://www.vice.com/en_us/article/bjwne5/malicious-websites-hacked-iphones-for-years>

LOGICAL ASSESSMENT:
o Apple never tests the diarrhea of iOS releases sufficiently

o And yet, you wouldn't know anything about it from Apple's release notes
<https://support.apple.com/en-us/HT209520>

Apple severely downplayed it as a single "memory corruption" issue:
"A memory corruption issue was addressed with improved input validation."

Yeah. Right.

That's basically a lie given it was 14 separate issues, at least one of
which was a zero-day exploit, that spanned the gamut of releases pervading
all layers of the operating system.
o The facts are clear - where you can make your own _adult_ assessment.

LOGICAL ASSESSMENT:

o *Apple never tests the diarrhea of iOS releases sufficiently*

To wit: "The root causes ...ere are not novel and are often overlooked [by Apple QA testing]".
<https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html>

LOGICAL ASSESSMENT:
o *"Don't ever trust anything that Apple says in their release notes"*
To wit: "Working with TAG, we discovered exploits for a total of fourteen

vulnerabilities across the five exploit chains: seven for the iPhone┬ web

[Arlen G. Holder]

On Mon, 02 Sep 2019 19:16:48 -0400, nospam wrote:

> 1. not troll
> 2. understand what a fact actually is.

Hi nospam,

The facts show Apple advertises the mere _illusion_ of security.
o iOS diarrhea makes people _feel_ safe - without actually being safe!

The facts are that in the same iOS 12.1.4 release that contained the
devastatingly huge bug that a 14-year old boy found in iOS privacy, there
were 14 even more devastatingly huge bugs that were not found by Apple,
spanning years and multiple releases of the iOS diarrhea from iOS 10 to 12.

Adults comprehend those facts
o And adults form logical assessments of those facts.

Given that a mere child found the first devastating iOS bug, and given that
Google said that the 14 bugs results from untested iOS releases, an adult
could logically make the following assessment.

o Apple does not sufficiently test the iOS diarrhea that they ship.

Worse, Google said it best when they noted that people _believe_ Apple's
highly advertised promise of trust.

And yet - the fact clearly support the adult logical assessment:
o That promise of trust - is yet another Apple well-marketed lie.

The sad thing is that people _believe_ Apple's lies of security/privacy
o Therein lies the real damage.

People trusted the diarrhea of iOS releases
o Simply because Apple said that they were security

The facts show Apple advertises the mere _illusion_ of security.

[Alan Baker]

On 2019-09-02 5:56 p.m., Arlen G. Holder wrote:
> FACT:
> o Malicious Websites Have Been Quietly Hacking iPhones for Years
> o It may be the biggest attack against iPhone users yet.
> <https://www.vice.com/en_us/article/bjwne5/malicious-websites-hacked-iphones-for-years>
>
> LOGICAL ASSESSMENT:
> o Apple never tests the diarrhea of iOS releases sufficiently
> o And yet, you wouldn't know anything about it from Apple's release notes
> <https://support.apple.com/en-us/HT209520>
>
> Apple severely downplayed it as a single "memory corruption" issue:
> "A memory corruption issue was addressed with improved input validation."
>
> Yeah. Right.
> That's basically a lie given it was 14 separate issues, at least one of
> which was a zero-day exploit, that spanned the gamut of releases pervading
> all layers of the operating system.
> o The facts are clear - where you can make your own _adult_ assessment.

So they didn't say this as well:

"Impact: An application may be able to gain elevated privileges"

> LOGICAL ASSESSMENT:
> o *Apple never tests the diarrhea of iOS releases sufficiently*
> To wit: "The root causes ...ere are not novel and are often overlooked [by Apple QA testing]".
> <https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html>
>
> LOGICAL ASSESSMENT:
> o *"Don't ever trust anything that Apple says in their release notes"*
> To wit: "Working with TAG, we discovered exploits for a total of fourteen

> vulnerabilities across the five exploit chains: seven for the iPhone¢s web

> browser, five for the kernel and two separate sandbox escapes."
> <https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html>

You did provide a quote this time...

...and the reference...

...but you left out (deliberately) other things Apple said.

[Arlen G. Holder]

On Mon, 2 Sep 2019 19:43:14 -0700, Alan Baker wrote:

> ...but you left out (deliberately) other things Apple said.

Hi Alan Baker,

Adults are supposed to be able to comprehend facts
o And then form a logicall assessment based on those facts.

If you comprehend the facts, then you already know these facts:
o iOS 12.1.4 contained fixes to the terrifying FaceTime exploit
o iOS 12.1.4 contained fixes to 14 terrifying iOS exploits

FACT:
o Both those exploits were because Apple didn't sufficiently test iOS

HINT:
o In one case, a child found the exploit, and,
o In the other case, Google said the releases had to have been untested.

The facts show, clearly, Apple doesn't sufficiently test its iOS diarrhea.

[Arlen G. Holder]

On Mon, 2 Sep 2019 19:43:14 -0700, Alan Baker wrote:

> You did provide a quote this time...
>
> ...and the reference...
>
> ...but you left out (deliberately) other things Apple said.

Hi Alan Baker,

Adults comprehend not only facts,
o Adults also form logical assessments based on those facts

The facts clearly show this bug not only to be astoundingly terrifying
o But also, that their mere existence proves iOS was an untested diarrhea

What's important is Apple _advertises_ that they're the company to trust
o And yet - the facts clearly show the iOS diarrhea to be essentially untested

Google said it best when they revealed the 14 devastating exploits
o Which they said existed because the iOS release was essentially untested

That is the real problem, Alan Baker.
o Apple (admittedly brilliantly) advertises the mere _illusion_ of security.

The danger is, of course, that people, like you, actually _believe_ it.

[Alan Baker]

On 2019-09-02 9:44 p.m., Arlen G. Holder wrote:
> On Mon, 2 Sep 2019 19:43:14 -0700, Alan Baker wrote:
>
>> You did provide a quote this time...
>>
>> ...and the reference...
>>
>> ...but you left out (deliberately) other things Apple said.
> Hi Alan Baker,
>

> Adults...

...don't lie by omission?

I agree.

So why do you do it?

[Alan Baker]

On 2019-09-02 9:39 p.m., Arlen G. Holder wrote:
> On Mon, 2 Sep 2019 19:43:14 -0700, Alan Baker wrote:
>
>> ...but you left out (deliberately) other things Apple said.
> Hi Alan Baker,
>

> Adults are supposed to be...

...honest and forthright?

I agree.

So why aren't you?

[Alan Baker]

On 2019-09-02 5:56 p.m., Arlen G. Holder wrote:
> On Mon, 2 Sep 2019 16:15:38 -0700, Alan Baker wrote:
>
>> ...back up their claims?
>>
>> I agree.
>>
>> So why don't you?
> Hi Alan Baker,
>

> Adults are supposed to be able to...

...deal honestly with things said to them?

[Alan Baker]

On 2019-09-02 6:38 p.m., Arlen G. Holder wrote:
> On Mon, 02 Sep 2019 19:16:48 -0400, nospam wrote:
>
>> 1. not troll
>> 2. understand what a fact actually is.
>
> Hi nospam,
>
> The facts show Apple advertises the mere _illusion_ of security.

Your ASSERTION is not accepted.

> o iOS diarrhea makes people _feel_ safe - without actually being safe!

Your ASSERTION is not accepted.

>
> The facts are that in the same iOS 12.1.4 release that contained the
> devastatingly huge bug that a 14-year old boy found in iOS privacy, there
> were 14 even more devastatingly huge bugs that were not found by Apple,
> spanning years and multiple releases of the iOS diarrhea from iOS 10 to 12.

Wow. You would think that a guy who prides himself on only presenting
"facts" would have known that it was 12.1.4 that FIXED that bug. It
didn't contain it.

>
> Adults comprehend those facts
> o And adults form logical assessments of those facts.
>
> Given that a mere child found the first devastating iOS bug, and given that
> Google said that the 14 bugs results from untested iOS releases, an adult
> could logically make the following assessment.

Where did Google say that?

I want a direct quote and a reference, please.

>
> o Apple does not sufficiently test the iOS diarrhea that they ship.

"Sufficiently": a word you refuse to define.

>
> Worse, Google said it best when they noted that people _believe_ Apple's
> highly advertised promise of trust.

Quote and reference, please.

>
> And yet - the fact clearly support the adult logical assessment:
> o That promise of trust - is yet another Apple well-marketed lie.

That is an ASSERTION.

>
> The sad thing is that people _believe_ Apple's lies of security/privacy
> o Therein lies the real damage.

ASSERTION.

>
> People trusted the diarrhea of iOS releases
> o Simply because Apple said that they were security

ASSERTION.

>
> The facts show Apple advertises the mere _illusion_ of security.

The facts show that even your own sources rank Apple best.

:-)

[Arlen Holder]

On Tue, 3 Sep 2019 10:38:41 -0700, Alan Baker wrote:

> I agree.

FACTS:
Clearly, Google proved beyond doubt Apple forgot to test iOS for security.
o Which even Apple can't - and didn't - deny.

Google simply proved with facts what I've been proving with facts for years

o Apple literally forgot to sufficiently test iOS code for years on end!
<https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html>

Apple doesn't even dispute Google proved Apple forgot to test iOS code!
o The real problem is the false sense of security that iOS users relish in.

Google said it best:

"Real users make risk decisions based on the public perception of the
security of these devices."

When Google proved that Apple literally forgot to sufficiently test iOS!

"The root causes I highlight here are not novel and are often overlooked:
we'll see cases of code which seems to have never worked, code that likely
skipped QA or likely had little testing or review before being shipped to
users."

Notice this clearly condems Apple for having forgotten to test iOS code!

Bear in mind this is on TOP of the FacePalm bugs
o Which even a child could have found (and did find).

Which, themselves, were on top of Apple REPEAT shipping of old bugs!
o All of which proves Apple doesn't ever test iOS code sufficiently.

It's much easier to just advertise imaginary security
o Than actually delivering it.

And you apologists eat it up without thinking for a single second
o About the facts.

[Alan Baker]

On 2019-09-13 12:00 a.m., Arlen Holder wrote:
> On Tue, 3 Sep 2019 10:38:41 -0700, Alan Baker wrote:
>
>> I agree.
>

> FA...

Go back before you started snipping and reply as an adult would reply.

[Nomen Nescio]

In article <qlfeql$aim$3...@news.mixmin.net>

Filthy animals!