That Time Apple Patched 3 Zero Day Exploits in Just 10 Days [Update]

Vanity Fair has a great piece about zero day exploits, the black market for selling them (to mostly governments, including repressive regimes), how they’re used to spy, and how the whole thing came to be. The story, which is quite long, is built around a particular piece of sophisticated spyware discovered by a couple of researchers, and Apple’s “engineering feat” that patched against the exploits in just ten days.

[Update: Added link to article – Editor]

The piece clocks in at more than 6,500 words, or roughly 6,000 words more than most people will read in today’s age of tl;dr. But boy, it’s a good read, and I encourage everyone to buckle down and gobble it up. Above and beyond the interesting info about security, this excellent piece of journalism helps highlight the need for end-to-end encryption and for companies like Apple to champion it.

Here are some snippets to whet your appetite:

By 2010 a true black market for zero days was emerging beyond the usual black market. The turning point came when a French company named Vupen began to offer bounties for zero days, reportedly as much as $250,000. Vupen insisted its aim was keeping software safe, though many doubted that its intentions were so noble. Companies such as Hewlett-Packard and Microsoft responded with bounties of their own. Though far less than what Vupen and others were paying, these bounties offered white-hat hackers a way to make money while keeping their ethics intact. In addition, as former hackers, they might also end up with lucrative consulting contracts.

[…]

Apple managed to issue a “patch” to fix the three zero-day exploits just 10 days after the call, an engineering feat that surprised many of those involved. An Apple spokesman declined comment, but a Silicon Valley security consultant who works closely with the company says, “Apple had never seen anything like this—ever. This was an incredibly sophisticated nation-state attack, kind of breathtaking in its scope. This took a herculean effort on their part to patch it so fast. It was Katy-bar-the-door over there.”

[…]

“What these cyber-arms dealers have done is democratize digital surveillance,” says the A.C.L.U.’s Chris Soghoian. “The surveillance tools once only used by big governments are now available to anyone with a couple hundred grand to spend.” In fact, they may be coming to your iPhone sometime soon.

Go read it.

4 Comments

  1. Hacking devices.
    Today the German spy chief warned about hacking in the upcoming German election.
    Both parties in the American election had data hacked, the Democrats most famously.
    There is suspicion that some voting systems were hacked.
    Cyber espionage is rampant.
    Before Russia moved into parts of Georgia, and Ukraine, and during tensions with Estonia, the respective countries found their cyber infrastructure partially or wholly disabled due to cyber attacks.

    There IS a cyber war going on. The West, including companies, democratic institutions, and freedom-loving people, are losing... badly.

    Wake Up.

  2. Bryan, you should warn folks when you link to a page with a Yuuuge imbedded video that insists on downloading without being clicked on.

    (It’s bad form. Really bad form, for webpages to imbed auto-downloading videos!)
