Maybe I’m just missing some context here on how this exploit is different, but I’d imagine when the whole hubbub around Android Stagefright was bubbling up last year, it would’ve made sense for Apple’s security teams to run a full audit of the similar MMS image libraries being used in iOS and OS X.
Does anyone have more information about this particular exploit and maybe why Apple wouldn’t have caught it a year ago?
From the outside, Apple doesn’t seem very good at observing the world around them. Some of the things they’re doing are pretty cutting edge, but it’s like they evolved in a vacuum.
This is a pretty spot-on observation. Apple maintains a strongly insular technical culture, which has worked out startlingly well for them at times, and hilariously poorly at others. There are very smart people there, but many of them came up in the Apple culture, which tends to reward in-house solutions over external ones.
Seconded. One thing that I find a little strange is that they had people from the open source community working in senior software engineering positions for years (think JKH and others) but the culture seems just as it was years ago, perhaps even worse. Of course, this is just my (probably grossly uninformed) outsider’s opinion.
I still miss classic Mac OS, and think that many of the decisions made when NeXT was enveloped were mistakes.
Interesting. I tried hard to like classic Mac OS but never could - I was so glad when they decided to integrate NeXT and move to a Unix-based OS. Some of the decisions made after that have been (IMHO) bad, but I think the original decision was good. I doubt Apple would still be here today if they’d tried to keep classic Mac OS going (or even if their various initiatives like Taligent had survived).
As a former insider, yeah, the culture is very powerful. I think it’s interesting, as they are one of the few (two? with Microsoft?) powerful tech companies that a) is still making technology and b) predates the internet. I hope they continue being prickly to the current consensus – it’s very helpful for a leading company to be idiosyncratic, to help avoid technical monoculture.
ETA: which made the first time I ssh’d into my phone predictable, but depressing. I still miss classic Mac OS, and think that many of the decisions made when NeXT was enveloped were mistakes.
I’d imagine when the whole hubbub around Android Stagefright was bubbling up last year, it would’ve made sense for Apple’s security teams to run a full audit of the similar MMS image libraries being used in iOS and OS X.
Stagefright got a lot of attention because of its attack vector in combination with Google’s incapability to push updates to all Android devices. But vulnerabilities happen all across the board, so you should be auditing everything continuously. Sadly, it seems that only the OpenBSD team takes an interest in that :(.
This article feels so… I don’t know… fear mongering? I know exploits get found in software all the time, but how often are they described with words like “terrifying” and “gaping hole”?
Whenever they affect Apple products.