this post was submitted on 18 Jun 2023
50 points (82.1% liked)

Apple

17445 readers
45 users here now

Welcome

to the largest Apple community on Lemmy. This is the place where we talk about everything Apple, from iOS to the exciting upcoming Apple Vision Pro. Feel free to join the discussion!

Rules:
  1. No NSFW Content
  2. No Hate Speech or Personal Attacks
  3. No Ads / Spamming
    Self promotion is only allowed in the pinned monthly thread

Lemmy Code of Conduct

Communities of Interest:

Apple Hardware
Apple TV
Apple Watch
iPad
iPhone
Mac
Vintage Apple

Apple Software
iOS
iPadOS
macOS
tvOS
watchOS
Shortcuts
Xcode

Community banner courtesy of u/Antsomnia.

founded 1 year ago
MODERATORS
MichelleG
RoyalEngineering
thisisdee
50
iCloud unlocking goes mainstream, Apple turns a blind eye (lemmy.world)
submitted 1 year ago by Doggy4545 to c/apple_enthusiast
13 comments fedilink hide all child comments
 

https://youtu.be/FCSCq5rGxDI

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 14 points 1 year ago (8 children)

Any chance of a tl;dw synopsis?

[–] skullvalanche 32 points 1 year ago (5 children)

The video takes a long time to say this:

There's a new (and concerning) service known as "Plist FMI off" which appears to be able to unlock an iPhone that would otherwise be locked and useless to thieves.

Disabling iCloud lock / Find My iPhone lock should be something only possible by someone working from inside Apple -- thus implying that there's likely an insider involved in this. Or at the very least, a security flaw in Apple's network that's allowing this to happen.

The Youtuber seems to think that Apple should be forthcoming about declaring this vulnerability exists. IMHO, he is wrong to think that. Declaring the flaw before it's been patched would only create a rash of iPhone thefts.

Ideally, Apple is now aware of this situation, and is doing internal investigations to correct it.

[–] [email protected] 4 points 1 year ago (1 children)

But to get to the point that the vulnerability is now being used as a service, doesn't that mean it's been there for a while?(I think he mentions that there's another company that did a bunch of research on the service and the vulnerability for a long time), and if Apple hasn't given any attention to this major security problem how else will they get pressured into working on a fix? Idk, for me it's the best way forward given their lack of attention to the problem so far. Also, if I'm not mistaken, it falls in line with a "common practice" that some security researches do, which is to warn the company of the problem, and if they don't act on it after a certain amount of time, they disclose it to the public so there's pressure for a fix.

[–] skullvalanche 4 points 1 year ago

(full disclosure, I used to work at HQ in Cupertino) ... it's not generally Apple's M.O. to respond to things like this with, at most, "we received your message".

Apple's infosec team is almost certainly looking into this, assuming the report made it's way to them. I'll reach out to some of my contacts there n' make sure they're at least aware of the exploit.

Given how guarded Apple is about revealing anything, I wouldn't expect much of a response though, even from a friend.

load more comments (3 replies)
load more comments (5 replies)