Hacker News

Would compiling image parsers with ASLR and bounds checking prevent these zero-click hacks?

I haven’t researched the exploits in detail but it seems to me Apple can develop better protection against such zero-click exploits.

At the very least, iMessages shouldn’t preview images from unknown contacts.




The image parser uses ASLR. The Turing-complete NAND computing device they describe in the article was used to do computations on the pointers leaked with the infoleak, resulting in an ASLR bypass. Brilliant.


IKR, sad to see such ingenuity used to hack activists.


I'm convinced that a bad image parser is Apple's backdoor, but I only have my paranoia as proof.


What does Apple stand to gain from a backdoor? It's clear what the cost of risk is, but what is the gain?


Just spitballing, but market access to China and the like?


Why use a backdoor if you have the front door, the walls, the roof... and the entire server?

Censorship, Surveillance and Profits: A Hard Bargain for Apple in China - https://nyti.ms/3oAvIVH

> Apple has largely ceded control to the Chinese government.

Chinese state employees physically manage the computers. Apple abandoned the encryption technology it used elsewhere after China would not allow it. And the digital keys that unlock information on those computers are stored in the data centers they’re meant to secure.



