• solrize@lemmy.world
    link
    fedilink
    English
    arrow-up
    79
    arrow-down
    7
    ·
    11 months ago

    This is an astonishing attack but it has been all over the tech news already and is explained pretty well in the securelist post. I don’t have any desire to watch a video.

    • ElderReflections@kbin.social
      link
      fedilink
      arrow-up
      59
      arrow-down
      1
      ·
      11 months ago

      To summarise the video for you: “Yada, yada, yada… there’s a blog post that covers this better, you should check it out”

    • poopkins@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      3
      ·
      11 months ago

      The video doesn’t go into the technical details about TriangleDB; that is left as a reference to the securelist article. Instead, the video discusses the background of the exploit, what has been done by others, what has been done since, and calls out some curiosities about the perpetrators.

      I found the video to be a great summary and quite insightful.

    • xor@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      10
      ·
      11 months ago

      tell me more about how you don’t want to watch a video

  • narc0tic_bird@lemm.ee
    link
    fedilink
    English
    arrow-up
    4
    ·
    11 months ago

    For those wondering: multiple security flaws that this actively exploited were fixed in iOS 16.5.1 and 17.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    2
    ·
    11 months ago

    A… They found A iphone backdoor. There are others as surely as there are faults with all complicated systems.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        6
        ·
        11 months ago

        The distinction between an accidental bug, and the deliberate back door with plausible deniability is minuscule.

        Unless you find the smoking gun document stating the reason for the code being written this way, there’s always going to be deniability, it’s always going to be pointed out as a bug.

        But I think it’s immaterial, even if every back door starts off as a genuine bug, code is so large and complex that there’s going to be back doors to be harvested. And cataloged. And kept in reserve for advanced persistent threat actors