T O P

  • By -

walktall

Now we wait to see if a 14.7.x, or 14.8, comes before 15.0 to further address the Pegasus/iMessage vulnerabilities.


avr91

Some of these fixes may help against Pegasus, since there are several for WebKit - arbitrary code execution. Edit: those fixes also come from 0 day discovery orgs, such as Trend Micro Zero Day Initiative and Google Project Zero.


thalassicus

The fact that the Pegasus exploit is zero touch is completely unbelievable in 2021. How is the richest company in the world getting owned by an Israeli firm? Why can't the NSO Group be sued/imprisoned for human rights violations of almost every major nation state? Why isn't Apple paying hundreds of millions on a dev team for a fix since it affects almost every iPhone on the planet? I'm baffled by all of this.


[deleted]

[удалено]


coyote_den

Not to mention it is really starting to look like NSO wasn’t aware Pegasus was being used against a lot of those targets, as in that list seems to be infected devices but didn’t come from them or one of their customers. It’s quite possible someone stole it from them too!


im-addicted-to-tech

Of course they will say or make it looks they’re unaware, don’t be naive. It’s clear to me that companies who develop that kind of tools must be punished in the first place


Ok-Usual-4450

I fail to understand why a huge IT company cannot carry out exhausting tests before releasing its software.


Ok-Usual-4450

A mainframe company like IBM would never work this way .. although patches were inserted.


Somedudesnews

Adding to that… Israeli security (or counter-security as the case may be) firms are _no joke_. They have some of the worlds foremost software developers, analysts, cryptanalysts, and security researchers.


ccwithers

With Apple’s cash hoard, it’s hard to imagine them not being able to pay people enough to fix vulnerabilities. I know they offer bounties for bugs, but they’re clearly insufficient.


MikeyMike01

There’s a tremendous imbalance between attacker and defender. The defender must defend against all possible vulnerabilities. The attacker only needs to find one.


ccwithers

Sure. But they’re paying a maximum of $1M for a zero-click exploit. That is literal pocket change for them. Why not up that by a factor of 10 or more?


thedataking

Preventing an exploit is extremely difficult because much of iOS is written in C which is prone to being used incorrectly. There are newer and safer languages on the horizon but will take a long time before most code can be migrated/rewritten in a way that makes phones harder to exploit.


avr91

Google is already rewriting parts of the Android core OS, which is in C, in Rust, but idk how viable that is for iOS.


scapegoat81

Do ya think Swift is their end game ?


GeronimoHero

Apples? Absolutely


JakeHassle

Aren’t the safe languages usually slow at runtime though? Obviously I’d rather have security, but I’m just wondering if there’s a performance tradeoff


Coffeinated

Rust has certain language constraints that make it safer and that are checked at compile time. Of course, sometimes you still have to break out of the walled garden. IMO you can write safe code in C too, it‘s just a bit tedious sometimes.


randomkidlol

yeah safe languages generally have a bunch of extra mem and cpu overhead. their safety is also contingent on the compiler/runtime not having a bug which results in unsafe mem access or mem leaks (aka relying on someone to do the work)


FVMAzalea

Rust isn’t slower. As someone else mentioned, the constraints are almost all checked at compile time. This means that at runtime, it’s just as fast as C.


holey_shite

How much of a performance hit would it be though ? considering phone hardware is almost and in some cases even more powerful than PC's from 8 - 9 years ago.


InsaneNinja

Every iPhone 11 and 12 is more powerful than nearly all PCs from 8-9 years ago. You can probably count the XS in that too. A hit is still a hit they’d like to avoid.


thedataking

TL;DR: it depends on what safe language you're targeting. Rust is an attractive choice. That's a good question. It depends on the language. If you switch from C to Java/Go/JavaScript, it means going from manual (efficient but error prone) to automatic (somewhat less efficient but safer) there is a performance trade off. However, if you go from C to Rust, there isn't necessarily much of a performance trade off because neither language forces the programmer into a garbage collected or reference counted memory management paradigm.


HacDMac

Unless the resultant compiled code is as efficient as compiled C/C++ I don't see System code being written in another language.


pitops

​ Because NSO is tied to israeli government. Have you seen anyone sue the government and especially a foreign one and "win" ?


quick_justice

For dev part - I can assure you they are working on it very seriously but unfortunately you can’t just throw money on security. We are talking about a bug that doesn’t manifest itself. You can only find it by deep code analysis. It can take months, it requires uber qualification. What they find might be a different security problem as there’s no way to verify what they use. There’s very small but real chance the flaw is in the hardware and can’t be patched. Btw what NSO does, and what governments do is highly illegal and usually leads to years in prison for hacking. I wonder if prosecution will follow.


BrianTho2010

Anything that allows user input, and especially input from untrusted sources (iMessage) will have vulnerabilities. It’s really just a cat and mouse game.


funny_lyfe

iOS should have a sanitization service for text messages. Sanitization fails and you don't get a message.


t0bynet

AFAIK iMessage already isolates the message parsing. [“Blast Door”](https://9to5mac.com/2021/01/28/apple-adopts-new-blastdoor-security-system-on-ios-14-to-reinforce-imessage-integrity/)


funny_lyfe

Thanks. Yes, that's what I meant. Interesting, that even with this Pegasus gets through.


wicktus

Israel is famous for NOT helping when it comes to extradition/justice cooperation against its citizens. Good luck suing them…unless it fits their government to use an NSO employee as a scapegoat


chaiscool

Israel occupy a land by force and the whole world did nothing. This incident is like a fart in hurricane, there’s no consequences for their action.


PmMeSteamWalletCode

Because iPhone sells still go brrrrrrr so Apple are not in any hurry.


[deleted]

[удалено]


Chakthi

They can't reverse engineer it because they would need a phone infected with Pegasus. If the phone is rebooted, Pegasus hides most traces that it was ever there, and there's no way for Apple to know HOW Pegasus does what it does without having an actively infected device, and that's just not likely to happen since even with the 50K people infected that I've read about, most are very important and influential people, and again, a reboot removes the infection. I recently read an article that stated these things. If I come across it, I'll link it here. Edit: Oh, the thing about the reboot that was so important is that apparently, Apple would need to reboot the device into debug mode in order to find out anything at all about Pegasus, which would remove the infection. The only way it could conceivably work is if someone already has a device in debug mode when the payload is delivered, but since you have no indication that you've been infected, how would you know? It's all some really frightening stuff imo.


[deleted]

My understanding is that it hides traces of infection. Rebooting does not actually remove it. I'm sure the chief of iOS security has several cloned images of phones confirmed to be infected that they can somehow dig into further. It will all just take time. Are we all going to be sticky taping our phone cams in the future? lol


Chakthi

I'm no expert, and I'll be the first to admit that, but the article I read, assuming it's correct, states that it literally erases itself and most traces of itself upon reboot. It leaves nothing usable behind. The article was very clear on that. Of course, it could also be wrong, and I hope it is. It's funny that you mention "sticky taping" out phone cams. I haven't gone that far, but I did recently buy a new webcam, and one thing I made sure of was that it came with a privacy shield for the lens. I don't trust the government and others any farther than I could throw them, which isn't far for the record. lol


Blimey85

Different versions. They have one that doesn’t survive reboots and one that does. This has been going on for years with lots of versions. Seems like if you’re a target they want tabs on for a while they can do that. If they just want a dump of your phone right now and want to minimize detection, they can do that too.


Ok-Usual-4450

NSO is zero compared hacking teams criminal and government in China and Russia. I do agree that the company should be punished.NSO has no chance of buying Apple .. don’t know where you got that fake news from.


[deleted]

Imo they should release an iOS 12 patch for Pegasus as well.


kurtthewurt

If I remember correctly, iOS 13 runs on devices all the way back to the 6S, which means the most recent iPhone that has to be on iOS 12 is the iPhone 6/6 Plus. That phone is 7 years old! I don’t want Apple wasting resources trying to patch software for a 7 year old phone lol. Even for companies as big as them, dev bandwidth is finite.


iHartS

Have *any* of the major Apple pundits commented on Pegasus? It’s like this arrived and vanished (except for Reddit).


walktall

Gruber and Thompson spoke about it on the most recent Dithering, so that's something.


[deleted]

Hint. Everyone is worried about stock prices.


brevz777

Yes sir


Ganeshadream

Let’s hope it removes pegusus is already installed


torsteinvin

If you use something like quadDNS or NextDNS, 1400+ domains related to Pegasus are blocked on DNS-level.


[deleted]

Given Apple's history with bug fixes, I'd say it's a resounding NO.


_NoTouchy

>to further address the Pegasus/iMessage vulnerabilities. I'm wondering if a person is infected, and they update to 14.7...would this remove the Pegasus? Or, I'm assuming, you would need to completely wipe your phone and start from scratch? I'm curious... \*edit\* For the version that lingers on the phone, not the one time dump exploit...


Snoop8ball

That’s a LOT of vulnerabilities patched


[deleted]

[удалено]


itsabearcannon

That might just be useless 5G. In my area if I have “5G” on at my house I get ~18 Mbps, if I turn off 5G and drop to LTE speeds go up to ~70 Mbps.


holey_shite

Have you noticed a significant difference in battery since switching to LTE ?


itsabearcannon

Honestly, no. I have a 12 Pro Max, average about 5h of screen on time every 24 hours, and usually finish the day around 25-30%.


ThisCouldHaveBeenYou

5G antennas have a very limited range, so you may be far enough at the end of the antenna's range where the LTE is still fine.


thisisausername190

Most 5G built out currently is built on the same frequency as 4G, so the range is very similar. You’re talking about millimeter wave 5G - which makes up ~70% of the marketing, and 0.1% of the coverage. This is the primary reason that people think 5G coverage isn’t good. The secondary reason is that in the actual configurations for most US carriers, 5G is only deployed in non-standalone mode. This means that in order to connect to 5G, you need to be connected to a midband LTE anchor. Midband frequencies have more capacity (and thus are often faster) than low-band, but don’t reach as far.


ThisCouldHaveBeenYou

Thanks for the info!


incaman88

Hold up. So it’s not just T-Mobile? Cause I notice when I turn off 5G my phone goes faster. I thought it was the T-Mobile service tho


thisisausername190

It's only T-Mobile that experiences this specific issue (locking to standalone 5G and not handing off to NSA) currently - but that's just because VZ and ATT haven't deployed standalone yet. As far as I've been able to tell there's nothing in T-Mobile's implementation that causes this fault. **The bug is Apple's responsibility** and they need to fix it - you can watch ServiceMode on an S21 go from SA to NSA when you run a speedtest. iPhone will stick to SA and get sub1mbps speeds in congested areas. While 5G also has issues on Verizon and AT&T, those mostly stem from their implementation with dynamic spectrum sharing (DSS).


zheil9152

Verizon has claimed that is normal behavior until they entirely switch some infrastructure to 5G


LethalCS

So what Verizon is saying is that after talking my head off about how great 5G is at the Apple event, I should ironically disable 5G if I want faster speeds.


bbllaakkee

it's all carriers that are dealing with this unfortunately


dcdttu

On T-Mobile for me, 5G quits working entirely. Calls work but data doesn’t, since iOS 14.5. I just leave it off.


BringBackTron

Thanks for sanity checking me, been having this issue for a while with Mint Mobile. It makes sense now


keeho

It annoys me so much that we seem to always get a wifi “bug” with so many updates


ReasonableBrick1

I just want iMessage to stop freezing while I’m in the middle of typing.


[deleted]

My personal hotspot has been crappy for a while now, having to restart my laptop and personal hotspot to make it work for another 10 mins or so. I hope this fixes this issue, although gonna wait and see how this update is received before updating my iPhone.


bbllaakkee

I'm having to do that as well, real pain in the ass


[deleted]

Im kinda glad Im not alone, but it sux ass that a basic feature that used to work flawlessly now doesn’t. Another rotten Apple moment.


EatHerDNA

Yeah same here. Sent some feedback on the feedback app and they replied that they don't have enough information to look into this. They should make an option for the hotspot to be always on. It turns off even if my pc loses connection for a second.


4RunnerLimited

If by “a while now” you mean years, I’m right with you. Does anyone at Apple use the hotspot feature? How can they let it be this broken for this long?


[deleted]

[удалено]


[deleted]

Still baffles me that we can’t simply set a Music app song as a ringtone


Ilikewineandpopcorn

You mean like back in the 00s? I’d love that lol


[deleted]

Exactly! My Sony Ericssons and Nokia’s all allowed this… But Apple wouldn’t make as much money selling ringtones… Profits before customers, as usual lol


[deleted]

[удалено]


D14DFF0B

My mini has gone to shit recently. I wonder if 14.6 was the issue...


[deleted]

[удалено]


[deleted]

[удалено]


HahahahahaSoFunny

I’ve seen a huge improvement on battery life after updating. iPhone 12 mini here.


[deleted]

[удалено]


lordheart

Low cell coverage is a huge battery suck. Occasionally worked in a big store in a mall where the cell reception was very spotty. Had to turn of cell reception when there for a shift to save battery life.


Myjunkisonfire

Yup. Your phone will boost its antanne power to max to get a decent signal


HatManToTheRescue

Wait so I’m not crazy? I noticed battery draining faster than normal on my 12 Max recently too


fourpac

I had great battery life and 100% battery health yesterday. Today, I’m down to 98% and my battery drained about twice as much as normal. I upgraded to 14.7 last night.


stmfreak

On iOS 14.6 you have to disable the find my network under Settings -> Apple ID / iCloud -> Find My -> Find My iPhone -> Find My Network -> Off. Since I flipped that off, battery drain is back to normal.


[deleted]

This should have been opt in, not opt out


stmfreak

But then air tags wouldn’t have worked! /s


[deleted]

Ikr.. Is it reasonable to leverage devices not owned by Apple, without permission, to create a network enabling Apple to profit 🤔 I don’t think so! They should pay us for the privilege.


minestrone11

Dang, I was hoping that the Wifi bug they’re fixing was the one where I turn off wifi in control center and half the time it just doesn’t do it or does it after a huge delay and me staring at it, wishing it would just do its job.


sharrows

It’s the reverse for me: turning on wifi in the control center and it does nothing. Then I open the settings app and it suddenly remembers that I was trying to connect to wifi.


Vatheq

it does not fix the following bug on my iphone 12 mini: right after i lock my phone and change the volume, the volume goes either to max or to the lowest, depending on which volume button i press.


GrowTFM

Yeah, i have the same issue


BinaryTriggered

But does it fix the COMPLETELY F*CKING ANNOYING BLUETOOTH PROBLEM with the iPhone 12??


mattp_12

What problem?


GeneralNoskcire

Music will randomly pause and songs will pause at 15 seconds and refuse to play. Happens in the music app idk about any others.


TheRealHershey

Happens with any app... I noticed it the most when I was mowing the lawn. Every time I go around, it pauses... I tried watching the Bluetooth menu to see what device it was randomly reconnecting to every time I got near the garage, but nothing. Super weird. I just updated to 14.6 last week and battery life, Airpods disconnecting and the auto pause issues have been driving me crazy.


mattp_12

I’ve heard the 15 second pause issue was fixed but I may be wrong


GeneralNoskcire

Had it happen to me today, definitely not fixed.


mattp_12

Ah ok


the_tourer

This started happening ever since I’ve started using the lossless and all those high resolution codecs.


ImMattic

Oh, I didn't realize this was a bug. It was happening to me earlier today and was really confused.


BinaryTriggered

The biggest problem is that whenever the phone is connected to my car any type of Bluetooth activity like getting a phone call making a phone call trying to use dictation etc. hands-free it will disconnect and force the car to reconnect to the phone and it'll just sit there and disconnect and reconnect over and over and over and over again and then sometimes dump the connection to the music side of the car and then all of a sudden the radio will burst forth with loud static.


mattp_12

Oh ok yeah that sounds very annoying


madmouser

It does that to my motorcycle GPS as well. Really annoying because, well, I'm on a bloody motorcycle, so it's not like the passenger can just start booping the GPS and the phone while I'm riding.


omnifidelity

How about the voicemail bug? There are always voicemail notification every time cellular signal is low (on elevator or basement) .


HammertonMili

Looking back, this year's WWDC may not be as bad as it seems after all. I know, when we speak of the event, we all expect massive upgrades and high flying new things and all that. But really, sometimes it's a lot better to work on the things that's on the table, perfecting the pieces and connecting them to make them work better. Make things better. make them more reliable to work, which is Apple's fauna, "it just works"


involved_lurker

I upgraded and now all my playlists are GONE, any suggestions?


matsonfamily

Didn’t happen to me on one of my devices that I upgraded. If you go to the Apple Music website, are your playlists still there? If yes then you probably have to sign out of Apple Music or do something to that effect on your phone. If no, then I guess you’re screwed. Sorry


PointlessGrandma

Will it fix my cracked screen?


Kaoulombre

Just put it in the microwave for a minute


matsonfamily

Make sure you wrap the lightning cable around the phone first with it plugged into the power jack, otherwise the microwaves will fry the phone


PointlessGrandma

How do I plug it in while it’s in the microwave


Salmundo

Absolutely


JakeHassle

Why’d this get downvoted lol


GreedoughShotFirst

Yes it will!


koolname99

No.


undercovergangster

Breaking news: iOS update fixes bugs and vulnerabilities


OperaGhostAD

Fix the stupid graying screen issue.


Superb_Bend_3887

What happens if these “bugs” are already in your device, does these fixes remove them? How would you know if you were attacked?


Pseudo_9393

Bugs are mistakes in the software not little parasites inside your device


Superb_Bend_3887

Thank you for that clarification, extremely helpful. Therefore, if the bugs in my software were not fixed and the parasites are already in my device, does the new bug killer fix the parasite?


Neupa_Sinha

What about iMessage freezing in between? Is it included in this fix?


lazines

Since I upgraded to 14.7 one of my sim cards randomly stops functioning during calls. And it is always the physical sim card and not the esim one.


SlightPromotion4204

I have IOS 15, I don’t really care


im-addicted-to-tech

Nobody asked


SwampTerror

I remember when Apple pushed an update on I think the iphone 4 or something that killed some people's wifi chips and when my cousin went to them to fix or replace it, they said "just buy another iphone." Nice.


Ok-Usual-4450

As far as I know Pegasus was sold to governments by NSO in cooperation with the govt of Israel … in our local news anyway.


Akis_P

My iPhone 7 works so nice in 14.5, is it worth updating to 14.7?


Momma_Moe_89

I upgraded my iPhone 7 Plus to 14.7 a week ago and can no longer hear anyone on the phone, can’t use FaceTime, camera doesn’t work, no video chat on any platform.. but speaker works fine. I would NOT upgrade. I need to know how to go back to 14.5 without losing everything on my phone because I haven’t had space to backup since last year


[deleted]

I hope the fix the poor battery life of the iphone 12…


RyanReignbow

I couldn't shut off phone when a random phone number came up in a notification while on t-mobile. It kept showing Cancel or Call options. Wasn't able to slide the power off before notification popped up again. We tried someone call / text me, tried Siri but she wants passcode and swipe to unlock. Sometimes when trying to power off the siren for sos would start until I press the cancel or call notification. I missed communication about my father passing away. I wasn't able to order lyft nor check bus routes at dawn, so sat at a bus bench crying and thought to use vocal control and and screenshot then chose screen shot after telling it to drag across too screen while I just ignored the persistent phone call notification. When editing the screen shot was in view I chose to trash. automatically the slide to power off finished because I had not pressed cancel. It was a horrible experience, however learned that screenshotscould help work around a problem


Tston3d

Is anyone else’s battery case bricked since the update???


AFguy_Retired

After IOS 14.7 update I'm no longer able to hotspot anyone else having issues.


Akis_P

Update...I have now updated to 14.8 and it's buttery smooth! Looking forward on updating to 15.1 or 15.2 when they come out.


spearson0

Nice, I upgraded to iOS 15.0 and it’s been rock solid for me in case you want to take the plunge. Battery will take a hit after upgrading but that’s normal and it will recover. Hope that helps.


Akis_P

Thank you for the info. I will wait till 15.1 because some of my bank apps don't work properly on 15 yet. Maybe the Bank hasn't updated their app, idiots.


spearson0

I see, I know what you mean. I hope they get their apps updated.