
Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware

237 points by beardyw today at 2:16 PM | 189 comments

Comments

dudeinhawaii today at 3:58 PM

So the exploiters have deprecated that version of spyware and moved on I see. This has been the case every other time. The state actors realize that there's too many fingers in the pie (every other nation has caught on), the exploit is leaked and patched. Meanwhile, all actors have moved on to something even better.

Remember when Apple touted the security platform all-up and a short time later we learned that an adversary could SMS you and pwn your phone without so much as a link to be clicked?

KSIMET: 2020, FORCEDENTRY: 2021, PWNYOURHOME, FINDMYPWN: 2022, BLASTPASS: 2023

Each time NSO had the next chain ready prior to patch.

I recall working at a lab a decade ago where we were touting full end-to-end exploit chain on the same day that the target product was announcing full end-to-end encryption -- that we could bypass with a click.

It's worth doing (Apple patching) but a reminder that you are never safe from a determined adversary.

shantara today at 4:07 PM

Meanwhile Apple made a choice to leave iOS 18 vulnerable on the devices that receive updates to iOS 26. If you want security, be ready to sacrifice UI usability.

the_harpia_io today at 4:11 PM

decade-old vulns like this are why the 'you're not interesting enough to target' argument falls apart. commercial spyware democratized nation-state capabilities - now any mediocre threat actor with budget can buy into these exploits. the Pegasus stuff proved that pretty clearly. and yeah memory safety helps but the transition is slow - you've got this massive C/C++ codebase in iOS that's been accumulating bugs for 15+ years, and rewriting it all in Swift or safe-C is a multi-decade project. meanwhile every line of legacy code is a ticking time bomb. honestly think the bigger issue is detection - if you can't tell you've been pwned, memory safety doesn't matter much.

riggsdk today at 9:38 PM

Whenever plugging a hole like this, the OS should kinda leave it “open” as a kind of honeypot and immediately show a warning to the user that some exploit was attempted. Granted, the malware will quickly adapt but you should at least give some users (like journalists or politicians) the insanely important information about them being targeted by some malicious group.

meisel today at 3:17 PM

I wonder what the internal conversations are like around memory safety at Apple right now. Do people feel comfortable enough with Swift's performance to replace key things like dyld and the OS? Are there specific asks in place for that to happen? Is Rust on the table? Or does C and C++ continue to dominate in these spaces?

jl6 today at 4:53 PM

Oh great, so is this how Apple forces me to downgrade from iOS 18 to iOS 26?

prodigycorp today at 4:25 PM

What's never mentioned in posts like this is whether phones in lockdown mode were vulnerable too.

JensenTorp today at 5:58 PM

Outrageous that this isn't being patched in iOS 18. Genuinely shocked, and indefensible.

zerotolerance today at 7:31 PM

Apple has some of my favorite vulnerabilities, most notably GOTO Fail: https://www.imperialviolet.org/2014/02/22/applebug.html

cpncrunch today at 2:49 PM

No updates for ipados17. I guess my ipad pro 10.5 is finally a brick.

j16sdiz today at 2:55 PM

What does "zero-day" even mean?

> ... decade-old ...

> ... was exploited in the wild ...

> ... may have been part of an exploit chain....

walterbell today at 4:05 PM

Did MIE/MTE on 2025 iPhones help to detect this longstanding zero day?

burnt-resistor today at 7:18 PM

Submit feedback (or radar equivalents) to Apple about the nasty rug-pull of not patching 18 on all devices. Don't expect a response however.

https://www.apple.com/feedback

p-t today at 7:03 PM

i wonder if this could be used to make a jailbreak possible :3

j45 today at 4:53 PM

It's pretty unbelievable that a zero-day can sit here this long. If one can exist, the likelihood of more existing at all times is non-trivial.

Whether it's a walled garden of iOS, or relative openness of Android, I don't think either can police everything on anyone's behalf.

I'm not sure how organizations can secure any device ios or android if they can't track and control the network layer, period out of it, and there are zero carveouts for the OS itself around network traffic visibility.

erichocean today at 3:44 PM

I wonder if Fil-C would have prevented this.

zero0529 today at 2:59 PM

I guess the fix is only for Tahoe?

Edit: I meant iOS 18

greenie_beans today at 3:33 PM

[flagged]

baq today at 3:04 PM

as in I now have to upgrade all my children's ancient iphones...?

I'd much rather not do that

max_ today at 3:17 PM

My suspicion is that these "exploits" are planted by spy agencies.

They don't appear there organically.

asah today at 2:59 PM

Open source wins... again.

brainzap today at 2:50 PM

I am shocked to hear that over these years it was possible to extract data from a locked iphone. (hardening mode off)

I trusted apple.
