top | item 45574181

(no title)

Moral_ | 4 months ago

SEAR and the Apple team does an excellent job of security on iOS, and should be commended greatly on that.

Not only are they willing to develop hardware features and plumb that throughout the entire stack, they're willing to look at ITW exploits and work on ways to mitigate that. PPL was super interesting, they decided it wasn't 100% effective so they ditched it and came up with other thigs.

Apple's vertical makes it 'easy' to do this compared to Android where they have to convince the CPU guys at QC or Mediatek to build a feature, convince the linux kernel to take it, get it in AOSP, get it in upstream LLVM, etc etc.

Pointer authentication codes (PAC) is a good example, Apple said f-it we'll do it ourselves. They maintained a downstream fork of LLVM, and built full support, leveraged in the wild bypasses and fixed those up.

discuss

dagmx|4 months ago

One of the knock on benefits of this too is increased security across all platforms as long as someone exercises that code path on one of apples new processors with a hardened runtime.

In theory it makes it easier to catch stuff that you can’t simply catch with static analysis and it gives you some level of insight beyond simply crashing.

chatmasta|4 months ago

I buy Apple products not just because they do a great job with security and privacy, but because they do this without needing to do it. They could make plenty of money without going so deep into these features. Maybe eventually it’d catch up with them but it’s not like they even have competition forcing them to care about your privacy.

Their commitment to privacy goes beyond marketing. They actually mean it. They staffed their security team with top hackers from the Jailbreak community… they innovated with Private Relay, private mailboxes, trusted compute, multi-party inference…

I’ve got plenty of problems with Apple hypocrisy, like their embrace of VPNs (except for traffic to Apple Servers) or privacy-preserving defaults (except for Wi-Fi calling or “journaling suggestions”). You could argue their commitment to privacy includes a qualifier like “you’re protected from everyone except for Apple and select telecom partners by default.”

But that’s still leagues ahead of Google whose mantra is more like “you’re protected from everyone except Google and anyone who buys an ad from Google.”

OptionOfT|4 months ago

What is non-private about Wi-Fi calling?

devttyeu|4 months ago

And after all that hardcore engineering work is done, iMessage still has code paths leading to dubious code running in the kernel, enabling 0-click exploits to still be a thing.

aprotyas|4 months ago

That's one way to look at it, but if perfection is the only goal post then no one would ever get anywhere.

wat10000|4 months ago

What's the dubious code?

Running something in the kernel is unavoidable if you want to actually show stuff to the user.

walterbell|4 months ago

Disable iMessage via Apple Configurator MDM policy and enable Lockdown Mode.

mikevm|4 months ago

[deleted]

kmeisthax|4 months ago

Why would a nation-state actor need access to your kernel when all the juicy stuff[0] is in the iMessage process it's already loaded into?

[0] https://xkcd.com/1200/

pjmlp|4 months ago

Google could have added MTE for a couple of years now, but apparently don't want to force it on OEMs as part of their Android certification program, it is the same history as with OS updates.

palata|4 months ago

Don't the Pixels have MTE? Definitely GrapheneOS does, at least to some extent.

kangs|4 months ago

to be fair, most of MTE's benefit is realized by having enough users running your apps with MRE enabled, rather than having it everywhere.

This is because MTE facilitate finding memory bugs and fixing them - but also consumes (physical!) space and power. If enough folks run it with, say Chrome, you get to find and fix most of its memory bugs and it benefits everyone else (minus the drawbacks, since everyone else has MTE off or not present).

trade offs, basically. At least on pixel you can decide on your own

alerighi|4 months ago

They do that now because they care about your security, but to make it difficult to modify (jailbreak) your own devices to run your own software that is not approved by Apple.

What they do is against your interests, for them to keep the monopoly on the App Store.

EasyMark|4 months ago

It can be both things, security and user lock in, those are orthogonal goals.