
Comments (187)

  • dudeinhawaii
    So the exploiters have deprecated that version of spyware and moved on I see. This has been the case every other time. The state actors realize that there are too many fingers in the pie (every other nation has caught on), the exploit is leaked and patched. Meanwhile, all actors have moved on to something even better. Remember when Apple touted the security platform all-up and a short time later we learned that an adversary could SMS you and pwn your phone without so much as a link to be clicked. KISMET: 2020, FORCEDENTRY: 2021, PWNYOURHOME, FINDMYPWN: 2022, BLASTPASS: 2023. Each time NSO had the next chain ready prior to patch. I recall working at a lab a decade ago where we were touting full end-to-end exploit chain on the same day that the target product was announcing full end-to-end encryption -- that we could bypass with a click. It's worth doing (Apple patching) but a reminder that you are never safe from a determined adversary.
  • shantara
    Meanwhile Apple made a choice to leave iOS 18 vulnerable on the devices that receive updates to iOS 26. If you want security, be ready to sacrifice UI usability.
  • the_harpia_io
    decade-old vulns like this are why the 'you're not interesting enough to target' argument falls apart. commercial spyware democratized nation-state capabilities - now any mediocre threat actor with budget can buy into these exploits. the Pegasus stuff proved that pretty clearly. and yeah memory safety helps but the transition is slow - you've got this massive C/C++ codebase in iOS that's been accumulating bugs for 15+ years, and rewriting it all in Swift or safe-C is a multi-decade project. meanwhile every line of legacy code is a ticking time bomb. honestly think the bigger issue is detection - if you can't tell you've been pwned, memory safety doesn't matter much.
  • meisel
    I wonder what the internal conversations are like around memory safety at Apple right now. Do people feel comfortable enough with Swift's performance to replace key things like dyld and the OS? Are there specific asks in place for that to happen? Is Rust on the table? Or do C and C++ continue to dominate in these spaces?
  • riggsdk
    Whenever plugging a hole like this, the OS should kinda leave it “open” as a kind of honeypot and immediately show a warning to the user that some exploit was attempted. Granted, the malware will quickly adapt but you should at least give some users (like journalists or politicians) the insanely important information about them being targeted by some malicious group.
  • jl6
    Oh great, so is this how Apple forces me to downgrade from iOS 18 to iOS 26?
  • prodigycorp
    What's never mentioned in posts like this is whether phones in lockdown mode were vulnerable too.
  • JensenTorp
    Outrageous that this isn't being patched in iOS 18. Genuinely shocked, and indefensible.
  • zerotolerance
    Apple has some of my favorite vulnerabilities, most notably GOTO Fail: https://www.imperialviolet.org/2014/02/22/applebug.html
  • cpncrunch
    No updates for ipados17. I guess my ipad pro 10.5 is finally a brick.
  • j16sdiz
    What does "zero-day" even mean?
    > ... decade-old ...
    > ... was exploited in the wild ...
    > ... may have been part of an exploit chain....
  • burnt-resistor
    Submit feedback (or radar equivalents) to Apple about the nasty rug-pull of not patching 18 on all devices. Don't expect a response however. https://www.apple.com/feedback
  • walterbell
    Did MIE/MTE on 2025 iPhones help to detect this longstanding zero day?
  • p-t
    i wonder if this could be used to make a jailbreak possible :3
  • j45
    It's pretty unbelievable that a zero-day can sit here this long. If one can exist, the likelihood of more existing at all times is non-trivial. Whether it's a walled garden of iOS, or relative openness of Android, I don't think either can police everything on anyone's behalf. I'm not sure how organizations can secure any device ios or android if they can't track and control the network layer, period out of it, and there are zero carveouts for the OS itself around network traffic visibility.
  • ChrisArchitect
  • erichocean
    I wonder if Fil-C would have prevented this.
  • zero0529
    I guess the fix is only for Tahoe? Edit: I meant iOS 18
  • greenie_beans
    [flagged]
  • baq
    as in I now have to upgrade all my children's ancient iphones...? I'd much rather not do that
  • max_
    My suspicion is that these "exploits" are planted by spy agencies. They don't appear there organically.
  • asah
    Open source wins... again.
  • brainzap
    I am shocked to hear that over these years it was possible to extract data from a locked iphone. (hardening mode off) I trusted apple.