2y ago

You Need to Update Your iPhone [if you have one], Right Now

gizmodo.com

You Need to Update Your iPhone, Right Now

28 comments

shows picture of an iPhone 4/4s
- I mean probably the singular best model to date. When the retina screen dropped… wow. I miss Steve 🫶
  
  Good phone aside from “you’re holding it wrong”
"If you have one"? What's the point of that insert?
- To stop all the assholes coming in and haughtily talk about how they have an Android phone.
  
  If you have an Android phone, you'll need to update it asap too because Google just released a security update for a zero-day vulnerability.
  
  I misread the title and thought it said "You Need to Update Your Phone [if you have one], Right now", which I found quite strange, then started reading the post and was like "Hey, but I have an Android, do you assume everyone has an iPhone now?"... So here I am anyway.
  
  I thought people stopped debating religion online, it seems very 2013
  
  You've been around long enough to know that won't stop them. I recognize your user name from Reddit.
So the hacker hacks your phone with his mind?
- At a very high level: the attacker sends a picture which somehow is opened by Apple Wallet and leads to the execution of arbitrary code (this is the vulnerability, in how the wallet parses the picture, allowing for a buffer overflow), deactivation of certain security features and download/execution of the malicious payload.
  
  sure apple wallet is requierd for it to work? red it like the image part can come remotely by picture 0click (by link preview archived) or via using the wallet app, not both in conjunction.
- Citizen Lab says that the Blastpass is delivered to a victim’s phone via images that are attachments to PassKit, which is a suite of code that allows developers to access Apple Pay infrastructure for their apps. Those images are sent from a phony iMessage account, and when the iPhone processes that image, the hacker has free reign over the victim’s device.
  It's zero-click because when your iPhone receives the message with the image, it tries rendering the image, which contains the exploit. Once the attacker is in, they usually delete the message that got them access and all traces, so that you don't know you're even hacked. This could happen in the middle of the night when you're sleeping.
  Prior to this update, Lockdown Mode on their iPhones was the only way to protect yourself from this exploit.
What about iOS 17 Public Beta?
- Anything published before today, while this was a zero-day, should be considered vulnerable.
- Seeing as it’s not iOS 16, should be fine. But I’m sure they’d put a patch out for the beta if the risk was that high for it as well.
- No idea. I wouldn't trust it right now though.
- I’ve put my phone in lockdown mode until a new beta comes out. Not much functionality lost
  
  I forgot about Lockdown Mode! Good idea!
There's no update for older iPhones or Macs yet.
Phew, I just started looking for my iPhone I don't have. Brackets saved my sanity.
- Thanks for proving exactly why I put them there in the first place. So people wouldn't come in here gloating about how they didn't have one.
- The text in the brackets was added to prevent comments similar to this, but life finds a way

28 comments