iphone hack using imessage without user interaction

[Neil]

https://www.washingtonpost.com/technology/2023/06/01/russia-iphone-hack-kaspersky/

Kaspersky said it believed the infections began with an iMessage attachment
without any user interaction.
--
best regards,

Neil

[Jolly Roger]

On 2023-06-02, Neil <ne...@myplaceofwork.com> wrote:
> https://www.washingtonpost.com/technology/2023/06/01/russia-iphone-hack-kaspersky/
>
> Kaspersky said it believed the infections began with an iMessage
> attachment without any user interaction.

---
Kaspersky said none of the impacted devices were running an operating
system more recent than iOS 15.7
---
<https://www.macrumors.com/2023/06/01/apple-shares-ios-16-adoption-statistics/>

---
Meanwhile, Apple Shares Latest iOS 16 Usage Statistics for iPhone Ahead
of WWDC -- Most importantly, Apple says 81% of all active iPhones are
now running iOS 16, up from 72% in February. 13% of active iPhones are
still running iOS 15, and 6% are running an even older iOS version,
according to the data. iOS 16 was released to the public in September
and is compatible with the iPhone 8 and newer.

Apple adds that 71% of all active iPads are now running iPadOS 16, up
from 50% in February.

Around the same time last year, Apple revealed that 82% of all active
iPhones were running iOS 15, so the usage statistics are very similar on
a year-over-year basis.
---

So only 19% of users who stupidly refuse to update are affected.

Stupid is as stupid does. ; )

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[mike]

On 02-06-2023 08:51 Jolly Roger <jolly...@pobox.com> wrote:

> Kaspersky said none of the impacted devices were running an operating
> system more recent than iOS 15.7

Apple does not fully path any release but the latest one release (which is
iOS 16 at the moment).

An iPhone that can't update to iOS 16 is completely worthless as a result.

[Joerg Lorenz]

Am 02.06.23 um 05:09 schrieb Neil:

> https://www.washingtonpost.com/technology/2023/06/01/russia-iphone-hack-kaspersky/
>
> Kaspersky said it believed the infections began with an iMessage attachment
> without any user interaction.

Propaganda on both sides. Something for the kindergarten. No hard
evidence of anything.

The only credible information/statement coming from Apple.

--
Gutta cavat lapidem (Ovid)

[Joerg Lorenz]

Am 02.06.23 um 06:43 schrieb mike:

Bullshit. This story is up to now not more than very cheap fake news.

[mike]

On 02-06-2023 00:05 Joerg Lorenz <hugy...@gmx.ch> wrote:

>> Apple does not fully path any release but the latest one release (which is
>> iOS 16 at the moment).
>>
>> An iPhone that can't update to iOS 16 is completely worthless as a result.
>
> Bullshit. This story is up to now not more than very cheap fake news.

The story may or may not be bullshit for all I know, but it's known to all
(who read the news) that Apple has published they only fully patch iOS 16.

So if you have any older iOS than 16, your phone will be insecure.
Same with macOS 13. No other macOS is fully patched but macOS 13.

If you don't like that, then take it up with Apple who published their
support policy, as most Apple owners can't believe what Apple says.

[Alan]

Let us see the actual policy.

[Joerg Lorenz]

Am 02.06.23 um 16:30 schrieb mike:

Nobody knows anything relevant about this fake news/propaganda including
you. You are a chatterbox.

[mike]

On 02-06-2023 17:21 Alan <nuh...@nope.com> wrote:

>> If you don't like that, then take it up with Apple who published their
>> support policy, as most Apple owners can't believe what Apple says.
>
> Let us see the actual policy.

Why are you on an Apple newsgroup if you know nothing about Apple?

[Alan]

I want to see if YOUR understanding is correct...

...and indeed to see if you can even FIND their policy.

Because if you can't, it means you're just going off of hearsay.

[mike]

On 02-06-2023 22:52 Alan <nuh...@nope.com> wrote:

>>>> If you don't like that, then take it up with Apple who published their
>>>> support policy, as most Apple owners can't believe what Apple says.
>>>
>>> Let us see the actual policy.
>>
>> Why are you on an Apple newsgroup if you know nothing about Apple?
>
> I want to see if YOUR understanding is correct...
>
> ...and indeed to see if you can even FIND their policy.
>
> Because if you can't, it means you're just going off of hearsay.

I knew you were stupid when you didn't know anything about Apple.
https://screenrant.com/apple-product-security-update-lifespan/

You're too stupid to even understand this but I post for others.
https://support.apple.com/guide/deployment/about-software-updates-depc4c80847a/

But an idiot like you just wants to not believe anything Apple says.

"The support document notes that only the latest releases provide full
protection from security vulnerabilities. "Because of dependency on
architecture and system changes to any current version of macOS (for
example, macOS 13), not all known security issues are addressed in previous
versions (for example, macOS 12)," the Apple document says. Essentially,
this means that the security updates Apple issues to older operating system
versions are not fully protected. Using that logic, the iOS 15.7.1 update
may leave security vulnerabilities unaddressed that have been patched in
the iOS 16.1 updates. This means that although Apple issues security
updates to older operating systems, users should only expect their devices
to be secure during the typical five to six-year software upgrade support
window."

We're done as I am disgusted by people who are as clueless as you are.
All you want to do is argue by saying Apple never said what Apple said.

[Hank Rogers]

No, please continue. You seem to know a lot about apple.

Some of us have bought their products and would like to hear
from you.

Ignore the apologists ... speak

[sms]

Apple is still issuing updates for iOS 15 so they will patch this
vulnerability now that they are aware of it.

The last iOS 15 update was 15.7.6 on May 18, 2023, only about two weeks
ago. This new exploit was only found a couple of days ago so give Apple
a little time to work on this. Issuing updates is not that fast because
of the testing involved with every update to ensure that it doesn't
break something else.

Remember, there are still millions of people still using iPhones that
can't be updated to iOS 16, especially in poorer countries, but even in
the U.S. there are still a lot of older iPhones still being used.

[nospam]

In article <u5gn5u$3ms18$1...@dont-email.me>, sms

<scharf...@geemail.com> wrote:

> The last iOS 15 update was 15.7.6 on May 18, 2023, only about two weeks
> ago.

the last ios 12 update was was 12.5.7 on january 23, 2023, only about
4.5 months ago, for an os that was originally released in 2018.

> Remember, there are still millions of people still using iPhones that
> can't be updated to iOS 16, especially in poorer countries, but even in
> the U.S. there are still a lot of older iPhones still being used.

remember. there are over one billion iphones in active use. 'millions'
(your numbers, with no evidence to support it) is not even 1%.

[Hank Rogers]

Don't worry. Nobody believes anything unless it comes from your
mouth.

[Jolly Roger]

God your trolls are weak - and boring.

[Bob Campbell]

So you are disputing that millions is less than 1% of a billion?

Which makes it pretty obvious who IS believable here.

[mike]

On 02-06-2023 23:36 Hank Rogers <ha...@nospam.invalid> wrote:

> No, please continue. You seem to know a lot about apple.

The main difference in knowledge between me & those who claimed Apple fully
patches more than the latest release is I read & understood Apple's words.

The ones who denied them didn't even know that Apple posted those words.

> Some of us have bought their products and would like to hear
> from you.

It's immaterial whether or not you "bought their products" as Apple's
policy is Apple's policy whether or not you "bought their products."

Apple says they do not patch any release with all known fixes except the
latest release (which is iOS 16 and macOS 13 at the current time frame).

> Ignore the apologists ... speak

Those people don't want to believe Apple's statements because what Apple
says & what Apple does conflicts with what they "wish/thought" Apple did.

[mike]

On 02-06-2023 22:12 Joerg Lorenz <hugy...@gmx.ch> wrote:

>> If you don't like that, then take it up with Apple who published their
>> support policy, as most Apple owners can't believe what Apple says.
>
> Nobody knows anything relevant about this fake news/propaganda including
> you. You are a chatterbox.

The entire world knows what Apple published - except you apparently.
https://support.apple.com/guide/deployment/about-software-updates-depc4c80847a/

People like you call even what Apple published 'fake news' apparently
because of you have never read any news about Apple products that everyone
else knows, and that's likely because you seem to want to wish Apple fully
fixed more than only the one latest release (which is iOS16/macOS13 only).

https://screenrant.com/apple-product-security-update-lifespan/

[mike]

On 04-06-2023 06:21 sms <scharf...@geemail.com> wrote:

>> Apple does not fully path any release but the latest one release (which is
>> iOS 16 at the moment).
>> An iPhone that can't update to iOS 16 is completely worthless as a result.
>
> Apple is still issuing updates for iOS 15 so they will patch this
> vulnerability now that they are aware of it.

So what.
That's meaningless in terms of whether iOS 15 is fully patched.
It's not.

Your statement only indicates you are unaware of Apple's official policy.
https://support.apple.com/guide/deployment/about-software-updates-depc4c80847a/

> The last iOS 15 update was 15.7.6 on May 18, 2023, only about two weeks
> ago. This new exploit was only found a couple of days ago so give Apple
> a little time to work on this. Issuing updates is not that fast because
> of the testing involved with every update to ensure that it doesn't
> break something else.

So what.
That's meaningless in terms of whether iOS 15 is fully patched.
It's not.

Even Microsoft may patch Windows XP, Windows 7, and Windows Vista/8 when
the bugs are so egregious that they feel it would be needed to fix them
(if perhaps for no other reason than to avert a bad-publicity nightmare).

One bug, usually a well-publicized bug, is not every bug Apple knows about.

Apple's own support document clearly states that Apple does not and will
not completely patch any release but the one latest release.

If you can find an interpretation of that document that differs from
Apple's own words, then supply that interpretation or accept Apple's words.

> Remember, there are still millions of people still using iPhones that
> can't be updated to iOS 16, especially in poorer countries, but even in
> the U.S. there are still a lot of older iPhones still being used.

So what.
That's meaningless in terms of whether iOS 15 is fully patched.
It's not.

You probably have never read Apple's policy so anything you think Apple
does is not what Apple says it does - or you're interpreting what Apple
says it does to something that isn't what anyone else would interpret.

https://screenrant.com/apple-product-security-update-lifespan/
"The support document notes that only the latest releases provide full
protection from security vulnerabilities. "Because of dependency on
architecture and system changes to any current version of macOS (for
example, macOS 13), not all known security issues are addressed in previous
versions (for example, macOS 12)," the Apple document says. Essentially,
this means that the security updates Apple issues to older operating system
versions are not fully protected. Using that logic, the iOS 15.7.1 update
may leave security vulnerabilities unaddressed that have been patched in
the iOS 16.1 updates. This means that although Apple issues security
updates to older operating systems, users should only expect their devices
to be secure during the typical five to six-year software upgrade support
window."

If you disagree with that interpretation, I can find more whereas you won't
find even one interpretation of Apple's words that back up your wishes.

It's an old wives tale myth that Apple fully patches more than one release.

[mike]

On 05-06-2023 19:07 Bob Campbell <nu...@none.none> wrote:

>>>> The last iOS 15 update was 15.7.6 on May 18, 2023, only about two weeks
>>>> ago.
>>>
>>> the last ios 12 update was was 12.5.7 on january 23, 2023, only about
>>> 4.5 months ago, for an os that was originally released in 2018.
>>>
>>>> Remember, there are still millions of people still using iPhones that
>>>> can't be updated to iOS 16, especially in poorer countries, but even in
>>>> the U.S. there are still a lot of older iPhones still being used.
>>>
>>> remember. there are over one billion iphones in active use. 'millions'
>>> (your numbers, with no evidence to support it) is not even 1%.
>>>
>>
>> Don't worry. Nobody believes anything unless it comes from your
>> mouth.
>
> So you are disputing that millions is less than 1% of a billion?
>
> Which makes it pretty obvious who IS believable here.

The real problem here is none of you have ever read what Apple wrote.
It seems all of you are unaware that Apple even has a published policy.

You're interpreting a couple of bug fixes as an entire release patch.
It's not.

Every company patches a bug or two when the publicity gets too heated.

It's meaningless that Apple (Microsoft & Google) patch a bug or two in
unsupported releases when Apple publicly states that they do not fully
patch anything other than the single one latest iOS or macOS release.
https://support.apple.com/guide/deployment/about-software-updates-depc4c80847a/

https://screenrant.com/apple-product-security-update-lifespan/
"The support document notes that only the latest releases provide full
protection from security vulnerabilities. "Because of dependency on
architecture and system changes to any current version of macOS (for
example, macOS 13), not all known security issues are addressed in previous
versions (for example, macOS 12)," the Apple document says. Essentially,
this means that the security updates Apple issues to older operating system
versions are not fully protected. Using that logic, the iOS 15.7.1 update
may leave security vulnerabilities unaddressed that have been patched in
the iOS 16.1 updates. This means that although Apple issues security
updates to older operating systems, users should only expect their devices
to be secure during the typical five to six-year software upgrade support
window."

https://hothardware.com/news/apple-admits-only-fully-patches-security-flaws-in-latest-os-releases
"Old versions of operating systems of Apple devices do not get complete
security patches. The emphasis in the document is that there is a
difference between Upgrade and Update, at least in the Apple lexicon."

https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/
"Despite providing security updates for multiple versions of macOS and iOS
at any given time, Apple says that only devices running the most recent
major operating system versions should expect to be fully protected.
Throughout the document, Apple uses "upgrade" to refer to major OS releases
that can add big new features and user interface changes and "update" to
refer to smaller but more frequently released patches that mostly fix bugs
and address security problems (though these can occasionally enable minor
feature additions or improvements as well). So updating from iOS 15 to iOS
16 or macOS 12 to macOS 13 is an upgrade. Updating from iOS 16.0 to 16.1 or
macOS 12.5 to 12.6 or 12.6.1 is an update. In other words, while Apple will
provide security-related updates for older versions of its operating
systems, only the most recent upgrades will receive updates for every
security problem Apple knows about."

[Jolly Roger]

On 2023-06-05, mike <th...@address.is.invalid> wrote:
> On 04-06-2023 06:21 sms <scharf...@geemail.com> wrote:
>
>>> Apple does not fully path any release but the latest one release (which is
>>> iOS 16 at the moment).
>>> An iPhone that can't update to iOS 16 is completely worthless as a result.
>>
>> Apple is still issuing updates for iOS 15 so they will patch this
>> vulnerability now that they are aware of it.
>
> So what.
> That's meaningless in terms of whether iOS 15 is fully patched.
> It's not.

Which specific vulnerabilities in iOS 15 haven't been patched, Arlen.
Name just one..