Apple’s Unfixable Vulnerability - ThreatWire

20,665 views

Hak5


⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
Support ThreatWire → / threatwire
@endingwithali →
Twitch: / endingwithali
Twitter: / endingwithali
Everywhere else: links.ali.dev
[❗] ThreatWire Patreon has moved to → / threatwire
0:00 - Intro
0:13 - US Cyber Trust Mark is Now Official
2:24 - Apple’s Unfixable Vulnerability
4:23 - Another Python Supply Chain Attack
5:50 - Outro
LINKS
🔗 Story 1: US Cyber Trust Mark is Now Official
www.whitehouse.gov/briefing-r...
docs.fcc.gov/public/attachmen...
www.jdsupra.com/legalnews/fcc...
cyberscoop.com/fcc-cyber-trus...
🔗 Story 2: Apple’s Unfixable Vulnerability
Apple Mitigation: developer.apple.com/documenta...
www.bleepingcomputer.com/news...
arstechnica.com/security/2024...
gofetch.fail/
www.cyberkendra.com/2024/03/g...
🔗 Story 3: Another Python Supply Chain Attack
checkmarx.com/blog/over-170k-...
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.

Comments: 124
@nicholastoo858 3 months ago
Why should toothbrush have internet access?
@New2Golf 2 months ago
The "s" in IoT stands for security.
@fubu7942 2 months ago
😂 Exactly!!!
@lucretius8050 3 months ago
Wonder what security features the Cyber Trust Mark would have, would become a joke if Temu starts selling the products "certified" with it.
@drewm7071 3 months ago
The label is an interesting approach, but it should come with an expiration date. Nothing that was secure last year remains secure this year.
@secinject814 3 months ago
Good point
@KREDITARY 2 months ago
Labels be like what's on your mind
@CedroCron 3 months ago
There was another security podcast that talked about Apple fixing the Cryptographic processing by moving these requests to other cores that are secure and not on the ones it intended when it released the chips. Apple won't confirm/deny that this is the case but 3rd parties have tested it before and after the latest operating system updates and confirmed which cores are in use and they have switched them. The downside is it's processing a bit slower but it's not a terrible trade-off to fix this problem.
@KREDITARY 2 months ago
Apple like eve, but was she deceived? Who knows.
@ceehacker386 3 months ago
That’s it! My next smartphone will be a rock 🪨
@ChuckNorris-lf6vo 3 months ago
Ahahahahahahhahahaha well said.
@bobbyjohnson116 3 months ago
Will probably work better for getting women
@knewdist 3 months ago
Tin cans and a string
@_sneer_ 3 months ago
@bobbyjohnson116 "here's my number"
@RavyDavy 3 months ago
@knewdist I think even tin cans & string can be "man-in-the-middled"
@4362mont 3 months ago
What should we expect from any apple? It might have a worm in it.
@fazalhayat7848 3 months ago
Good Video. Thanks for keeping us updated.
@JonMurray 3 months ago
How smart do you need your toothbrush to be??
@generalshakewell 2 months ago
Dude. How else would you know when to stop brushing?
@slugnasty2395 3 months ago
Informative and awesome as always.
@InstaKane 3 months ago
Thanks for the report 👏
@deeglik 2 months ago
Loving the Tshirt Ali
@arty2k 3 months ago
I'm sure the attack you described is the same thing as another attack named like "ghost", "spirit" or similar.
@russell28533 3 months ago
Keep up the good work Ali with an I, you're doing fine. I also liked how you and the pooch matched too.
@adfjasjhf 3 months ago
Was weird to have an episode without the background music
@schassis_eddi 3 months ago
I was wondering why I could hear the hair on her head growing
@DNETREAPER 3 months ago
Thanks for sharing !!
@jedcletis9313 2 months ago
So GoFetch is like Spectre, but for Mac
@carsonjamesiv2512 3 months ago
Tooth Brushes Ain'T SAFE!🤔
@Mike.Kachar 3 months ago
Ouuuu... "Hacking: The Art of Exploitation" is a great book!! I have both Vol. 1 + Vol. 2 of that series 😃 Now I wanna go back & reread them!
@_mrcrypt 3 months ago
Great infos! Thanks 🍷
@Ms.Robot. 3 months ago
😮Wow❗ Good reporting sweetheart🌸🌹🌞🌻
@stevenpugh5412 3 months ago
Very informative, thank you. That Python attack is concerning. I’m starting to do some small scale website work and making sure I’m including valid secure outside code is giving me another ugh feeling.
@soundspoon 3 months ago
toothbrush botnet lol we have gone too far
@HitemAriania 3 months ago
Ah, gofetch, is exactly like Spectre for Intel CPUs
@seathrunmagaoinghous4119 3 months ago
great job
@tech1238 3 months ago
Good job
@deltonlomatai2309 3 months ago
Maybe underwriters laboratory should create a certification.
@EverettVinzant 3 months ago
No. Bad. NOT “and etcetera..” JUST etcetera. NEVER put and in front of it when using it to mean “along with other items in the class.”
@TheFatVeganOne 3 months ago
Heya, just wanted to say that while I love the information being delivered and I think you've definitely improved; I do think things can be improved from a flow point of view. During the part where you're talking about the cyber trust mark there are several moments where there are unnecessarily long pauses that feel uncomfortable and ideally need to be removed, or alternatively if you're looking to make it a one take they need to be re-shot and or full width on screen graphics to help remove the jump cut feel of the video if Hak5 as a whole want to avoid that feeling. 🙂
@KREDITARY 2 months ago
Alt thou get it, like art thou
@TheLegitAlpha 3 months ago
What is it with Apple and side channel vulnerabilities?
@Shugoist 2 months ago
is the apple vulnerability not the same as we had with intel CPUs?
@GuyMassicotte 3 months ago
Let's talk about all the untalked security flaws that pegasus uses ;)
@itsdeonlol 3 months ago
W Ali!
@ducksstirling9597 3 months ago
Nice
@pcislocked 3 months ago
nice shirt
@redwings19798 3 months ago
I think it's ironic to wear that shirt while talking about problems with Apple. 🤣
@Inertia888 3 months ago
@redwings19798 Apple's got a bite taken out of it, drugs are probably cheaper than buying a Macintosh, and who knows?... maybe enhance the Microsoft experience 😛 but, where does that leave Linux?
@ion_q 3 months ago
another sweet shirt!
@williambrasky3891 2 months ago
That shirt needs a penguin. Still want it tho
@mytechnotalent 3 months ago
The Cyber Trust Mark is interesting. I wonder how they will actually require companies to integrate. I am still unclear how this can help.
@bobbyjohnson116 3 months ago
Basically kyber is already broken
@rikachiu 3 months ago
Interesting tshirt to wear and discuss an unpatchable Mac exploit :P
@secinject814 3 months ago
Haha that's what I thought. I'd love to get into Apple but they're just way too expensive and I can't stand the zero modularity, and I want USB 3.0 jacks, an ethernet jack, an HDMI jack, an SD card reader, not dongles I gotta buy... They do seem to do pretty well making security on their products a priority though, I'll give them that.
@rikachiu 3 months ago
@secinject814 Oh for sure. Even with all these headline exploits, I will take managing MacBooks in an enterprise over Windows any day of the week. But I have a lot of hope for Qualcomm's attempt in making ARM finally viable in the Windows and Linux space! Can we finally have it all?
@TheButterZone 2 months ago
@secinject814 Macmini6,2 (Late 2012) had all that except the USB 3.0
@sidensvans67 2 months ago
US Cyber Trust ? 👀
@MarioRossi-fu3db 2 months ago
Yes but when 2023 payload hero awards?
@KREDITARY 2 months ago
Ping -t is a simple command but annoying to clear without knowing psloglist what like ? -c or -f
@DanielDee-xs7cm 2 months ago
Cool Dog!
@KREDITARY 2 months ago
And get aura software, and add a fingerprint to secure your phone. And psloglist to filter unauthorized access by -f and the access point. Happy hunting. Ya know like easter bunny. Ya or nay?
@bretto_ 3 months ago
I like your shirt. 🙂
@jezusrvd 3 months ago
Book club? I’m down
@JNET_Reloaded 3 months ago
THATS A CPU BUG NOT MEMORY! an exploited cpu gives memory because of pre fetch exploit
@user-sp6pr9wr8o 2 months ago
What happened to Shannon?
@alanneilan 3 months ago
lmao that shirt
@david24442 3 months ago
Funny shirt. 😂
@theycallme_D 2 months ago
I like your shirt
@KREDITARY 2 months ago
Its an sci title I internet violation
@KREDITARY 2 months ago
Scareware needs to be removed
@ion_q 3 months ago
Baby, always looking so confused. Teehee.
@BlahBlahBlah85651 3 months ago
There should be a public awareness in school about the dangers of vocal fry.
@camelotenglishtuition6394 3 months ago
agree!
@wilgarcia1 3 months ago
puppy =)
@stiljohny 3 months ago
Hey @hak5. The audio is very very bad guys. I can hear fans from the background as well as its very shouty ..... Please fix
@sbconsult 3 months ago
This so-called Apple flaw is patchable and not a problem. Watch the security now show with Steve Gibson for a highly technical breakdown of why this isn’t a problem for all the M chips.
@Teluric2 2 months ago
Prolly gibson is an Apple cultist.
@no-blink404 3 months ago
Nice job Ali
@kelsey_roy 3 months ago
Nice job AI
@fiddysat 2 months ago
cyber "trust" mark ROFL yeah rite
@Laguy211 3 months ago
Ali is truly a diamond in the rough.😊❤ great job👍
@deletedaxiom6057 3 months ago
I think a completely free and open source secure IoT base OS that automatically gets the stamp of approval should be made. Something developed and maintained specifically for IoT devices to keep them secure. That way companies making the devices would have incentive to use that rather than putting together something themselves that would likely be less secure. The benefit to the world by stopping botnets from being built would far outweigh the cost.
@sumduma55 3 months ago
That's a massive undertaking if even possible. All the chips that OS would need to support, the proprietary technology it would have to interact with while protecting IP of third party sue happy businesses and dmca type laws governing encryption devices. Even the ability to update devices when unknown hardware flaws get exploited could pose an issue. It would be nice but not probable if you asked me.
@DirtyPlumbus 3 months ago
😂🍎🤣
@dennis8196 3 months ago
Apple literally knew about this before they went into production. It's a non-issue. You either have massive performance boosts or have a risk of security issues in incalculable odds (you have far greater chance of winning the lottery 3 weeks in a row).
@Teluric2 2 months ago
It's non issue and you are a world famous security expert?
@dennis8196 2 months ago
@Teluric2 I think I can trust the comments from Steve Gibson enough to quote or paraphrase him, over and above the hype from the clickbait and over-reporting done on this topic. Perhaps you should checkout his stuff too.
@screamengine 3 months ago
So if Apple or any company wanted an even more closed, anti-competitive system they could cite such security concerns as a reason to implement them. Sounds to me like it could easily have been baked in as I cannot imagine they would be so sloppy if their sort of pricing has anything to do with R & D costs. But maybe it’s nothing.
@aquatrax123 3 months ago
I can't to see all the security flaws with the cyber trust mark.
@BeWhoYouWant2 3 months ago
If not for gaming I would never use windows tbh. but mac isn't much better imo. just learn linux it's worth it.
@mrslade510 3 months ago
If you wanna be an average everyday use there's barely anything to learn lol, these days a lot of distros are very accessible with graphical installers and windows-like DEs. The only thing that prevents people is that they're scared or they're too lazy to spend an hour trying it.
@darthvillarious 3 months ago
She doesn't do well reading from the prompter. You need work Ali, but you'll improve.
@sumduma55 3 months ago
I think this episode was 100% better than her first episode and some earlier ones. I see what you are talking about though. I'm just wondering if we aren't subconsciously expecting Shannon and will never be happy?
@hiddenlawyer 3 months ago
If you watch her videos at 1.5x speed, the awkward pacing is not very perceivable and the few stumbles here and there are not so bad.
@bravohomie 3 months ago
Threat wire became mid
@Log4Jake 3 months ago
Average apple user "Apple devices are unhackable."
@tech1238 3 months ago
Those days are long gone
@JonMurray 3 months ago
Been sat like a coiled spring waiting to say that haven’t you haha!
@aaronconecept6448 3 months ago
😂😂😂
@user-ob1wd9fc5q 3 months ago
I think the original phrase was "apple devices don't get (windows) viruses"
@hiddenlawyer 3 months ago
and the "average apple user" also knows very little about the topic. a comment like this is just tired noise at this point in time.
@redslashed 2 months ago
BRUH i hate apple
@ronanl9604 3 months ago
I miss the balaclava 😢
@sykoteddy 3 months ago
Is it only me or is Ali a bit upset about something today? I hope you'll feel better soon. I also wear my feelings on my sleeves, it doesn't matter how hard I fake it, it shows through. 💜
@funguy4290 3 months ago
I'm generally against plastic surgery. But Shannon is looking so hot these days. Keep doing the good work!
@OcteractSG 2 months ago
mAcS dOn’T gEt ViRuSeS
@ronak3600 3 months ago
pls change host to who don't use fake accent
@C.J... 3 months ago
Dimples❤❤❤