The latest vulnerability in Apple's iOS and OS X, revealed in the last few days, may be something we should have expected, especially those of us involved in technology. If we look carefully at the timing of the SSL vulnerability in iOS alongside Apple's "addition" to the NSA's PRISM program, we will probably come across elements that will make us revise the way we see the great technology company.
Saturday, 22 February 2014
Jeffrey Grossman, on Twitter:
I have confirmed that the SSL vulnerability "came" with iOS 6.0. It did not exist in 5.1.1 and it exists in 6.0.
iOS 6.0 was released on September 24, 2012.
According to slide 6 of the leaked slides presenting the NSA's PRISM program, Apple entered the program in October 2012.
Do these facts prove anything? Is it purely circumstantial?
It would certainly be very interesting to know who added the vulnerable code to the operating system. Conspiratorially, one could assume that the NSA planted the bug through an employee, as daringfireball reports. Maybe. The innocent, Occam's Razor explanation is that the vulnerability was introduced inadvertently by an Apple technician. It looks like the kind of vulnerability that could occur if something goes wrong in a merge, while copying and pasting code.
The NSA did not even need to read the source code to find the vulnerability. All it would need to do is run automated tests using spoofed certificates against every new release of the OS. Apple releases iOS, the NSA's automated tests with spoofed certificates find the vulnerability, and boom, Apple is "added" to PRISM. It's a very good story and quite convenient for Apple, since no one can blame them.
It may be so, but it may not be…
Of course, this gives rise to many thoughts and paranoid scenarios…
- The NSA did not know about this vulnerability.
- The NSA knew about it, but never used it.
- The NSA knew about it and used it.
- The NSA itself planted the vulnerability.
- Apple is complicit with the NSA.
The first case is the most convenient for everyone. It is the most optimistic scenario and lets everyone off the hook, but then why was Apple added to PRISM? If the second is the case, this means that there is likely to be another vulnerability that remains open; otherwise (here we go again), why was Apple added to PRISM?
The third case is what we call the "clear" case. There is no doubt that Apple is in PRISM, but to be there it must have given something, regardless of the company's firm statements that all of this is lies and fabrications.