Hacker News new | past | comments | ask | show | jobs | submit login

Like an exploit where all you need to do is enter the target's phone number to compromise their phone?



TFA says they need to send the target a text message.

The exploit must be something like a buffer overflow in iMessage. Which we know bugs like this have been fixed. Remember the text of death which could crash any iPhone from a couple years ago?


Are you thinking of the "Stagefright" bug that did RCE via SMS on Android devices? Or maybe the Chinese censorship code that crashed iOS when people sent the Taiwanese flag emoji? 🇹🇼


Don't forget the Stagefright-like bug in iOS where a malformed TIFF file could lead to remote code execution!


"Bugs like this have been fixed" != "all bugs like this have been fixed". That is, some similar bugs having been fixed does not make such an exploit impossible.


Wasn't that in may? Time flies.


I think more that they manage to find these exploits and rapidly build infrastructure around it to make it useful.


They don't need to be very fast... the NSA is known to sit on vulnerabilities for years.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: