27 comments

[ 13.8 ms ] story [ 220 ms ] thread
What about older OSes? Are they not vulnerable or simply ignored?
Apple only releases Rapid Security Response updates for the latest versions of its operating systems [1]. So any devices running iOS 16.4.X or MacOS 13.3.X won't see one, and anything before that didn't support Rapid Security Response updates. Unfortunately there's not enough information available to know if older releases are vulnerable.

[1] https://support.apple.com/en-us/HT201224

> Unfortunately there's not enough information available to know if older releases are vulnerable.

Assume YES.

Hell, what about newer OSes ...like iOS 17 Beta? visionOS 1 Beta?
Betas don't need a rapid response; people running beta can wait.

Though for all you know this bug doesn't even exist in the newer versions. Or the mitigation was already in the beta but this rapid response required an extra day for testing as it is being shipped to users.

people will run whatever.

recently the pixels had a remote exploit just by being connected to a 4g network. we got two victims in our group in the 3wk google took to patch (it was the first late security update on the same time)... and we did warn everyone to turn radio off (or limit to 3g if out of the us)... nobody cares and they just use the device thinking they won't be a target.

That's not how it works. The peeps working on the new stuff ARE WORKING ON THE NEW STUFF. This would fall under backports (er, forward ports?)
They’ll just get it in the next beta
Yep. It’s a good reason to stop using your beta device until the update tho.
I’ve always been curious to know .. with all of the random 0-days in mobile operating systems (iOS, for example)

How do you know that an attacker is not persisting in the system if you click a bad link before a patch gets applied?

Persisting in the fs is much harder than just getting code execution. Not impossible (nothing is) but much harder (and thus likely less common), due to signature checking
You're assuming a click/tap is involved. Several iOS exploits are 0-click.
Your pedantry is noted, but this would not change the answer to the question at all.
Persistence is not needed when they can just access your device any time. That part was what addressed your question.
Thanks for clearing that up. My question was meant more about after a device is patched.. how you can know it's secure.
Forensic approach is to get a disk image(iOS just has backups) and analyze that. You can't ever be 100% sure. Can't prove a negative (no compromise) you can only prove positives based on the state of the device you can measure.

Personally, I only use mobile devices for internet browsing and using apps like uber, I only have like one app I should probably stop using but to the most part I always assume any mobile device out there is or can readily be compromised.

Would be pretty difficult to find an exploit that avoids the boot chain attestation features. Good reason why a lot of exploits require you to reapply them every reboot.
This is interesting, it installs without a restart almost immediately.
My iPhone required a restart, but the whole process took less than 5 minutes.
My iPhone 14 pro max required a restart.
that's interesting! most likely because it's just app update to safari. they should really allow built-in apps to get updated via App Store...
Why would it matter? They can deploy updates via the existing system instantly.