Discussion:
Disable iMessage NOW! (Trust Wallet Warns iOS Users About New iMessage Zero-Day Vulnerabilities)
Add Reply
Mickey D
2024-04-18 20:32:23 UTC
Reply
Permalink
The recommendation by Trust Wallet is to disable iMessage until Apple
figures out how so many holes have been recently found in their platform.

Trust Wallet has stated that dark web hackers are targeting iPhone and iOS
users through zero-day exploits in Apple's default messaging app, iMessage.

The Trust Wallet warning suggests that the exploitation corridor has
existed on these Apple devices since the beginning of Apple's messaging
system, which proves a huge hole is in Apple's testing infrastructure.

Trust Wallet recommends completely disabling iMessage from Apple settings
to mitigate the issue while waiting for code fixes. Currently, Apple has
not addressed nor denied these claims as the problem is lack of testing for
zero-day holes in Apple's messaging system.


Be informed this is not Apple's first warning of holes in Apple's testing.
Trust Wallet is the second crypto wallet app to recently warn users about
issues related to Apple's lack of testing for security vulnerabilities.

Previously, the Bitcoin wallet UniSat informed users about fake apps
impersonating them on the App Store. And just last month, the crypto
community became aware of the GoFetch attack vector on Apple's products.

That apple vulnerability allows hackers to steal cryptographic keys due to
an untested CPU cache bug in Apple's MacBook M1, M2, and M3 computer chips.

The company has acknowledged the issue due to Apple's lack of testing, but
details about a security patch have not yet emerged.

As a precautionary measure, advice from industry players like the CEO of
Errata Security, Robert Graham, suggests that users with significant crypto
assets should transfer their assets away from Apple's untested iOS devices.

Trust Wallet's warning to iOS users about the iMessage vulnerability
underscores the critical importance of Apple's inherent historic lack of
spending money to address security concerns in Apple's mobile platforms.

The fact all these security holes exist shows Apple's pervasive
advertisements to the contrary to be nothing more than brazen falsehoods.

This new indication of high-risk attacks via Apple's iMessage highlights
the evolving sophistication of cyber threats targeting cryptocurrency
users, where Apple's lack of testing makes everyone using iOS vulnerable.

The recommendation to disable iMessage temporarily as a mitigation strategy
reflects the urgency of the situation while awaiting fixes from Apple.
However, the lack of official response from Apple leaves users in a
precarious position, emphasizing the need for timely action to safeguard
sensitive assets.

Trust Wallet's alert adds to a growing chorus of concerns regarding Apple's
security infrastructure, with previous warnings from other crypto wallet
apps and recent revelations about the GoFetch attack vector amplifying the
urgency for robust security measures.

As the crypto community grapples with these vulnerabilities, proactive
steps, such as transferring significant crypto assets from iOS devices, are
advised to mitigate potential risks. Ultimately, this episode underscores
the ongoing importance of vigilance and collaboration among industry
stakeholders to ensure the security of digital assets in an increasingly
interconnected digital landscape.

https://www.bulbapp.io/p/89113c83-fc9b-41ca-a62a-cfebca540f11/trust-wallet-warns-ios-users-about-imessage-vulnerability
Your Name
2024-04-18 22:35:55 UTC
Reply
Permalink
The recommendation by Trust Wallet ...
Stay *WELL* away from all scam "cryptocurrency" bollocks.
badgolferman
2024-04-19 01:06:23 UTC
Reply
Permalink
Post by Your Name
The recommendation by Trust Wallet ...
Stay *WELL* away from all scam "cryptocurrency" bollocks.
Okay, no cryptocurrency for me. Now what about iMessage?
Chris
2024-04-19 10:39:54 UTC
Reply
Permalink
Post by Your Name
The recommendation by Trust Wallet ...
Stay *WELL* away from all scam "cryptocurrency" bollocks.
Yeah, this isn't new news.

It's just a rehash of the recent hardware flaw discovered in Apple
M-series cpus. The biggest risk - although still tiny - from the flaw is
cryptography, hence why the crypto community are concerned.
Joerg Lorenz
2024-04-19 12:21:12 UTC
Reply
Permalink
Post by Chris
Post by Your Name
The recommendation by Trust Wallet ...
Stay *WELL* away from all scam "cryptocurrency" bollocks.
Yeah, this isn't new news.
It's just a rehash of the recent hardware flaw discovered in Apple
M-series cpus. The biggest risk - although still tiny - from the flaw is
cryptography, hence why the crypto community are concerned.
Has nothing to do with iMsg as claimed by the OP.
--
"Alea icacta est." (Julius Caesar)
Mickey D
2024-04-19 14:26:53 UTC
Reply
Permalink
Post by Joerg Lorenz
Post by Chris
Post by Your Name
The recommendation by Trust Wallet ...
Stay *WELL* away from all scam "cryptocurrency" bollocks.
Yeah, this isn't new news.
It's just a rehash of the recent hardware flaw discovered in Apple
M-series cpus. The biggest risk - although still tiny - from the flaw is
cryptography, hence why the crypto community are concerned.
Has nothing to do with iMsg as claimed by the OP.
You're confused by the huge number of Apple zero-day holes, only some of
which are known to be found in Apple's M-series unpatchably flawed chips.

However, it's not yet fully clear that this $2 million iOS zero-day is what
the hackers claim it to be, according to the news that is all over the net.
https://appleinsider.com/articles/24/04/18/exploit-seller-wants-2-million-for-a-zero-day-imessage-attack-vector-that-probably-doesnt-exist

"It's important to note, as Tech Crunch highlights, that there is currently
no definitive proof of the exploit's existence. The proof is derived from a
dark web advertisement for something called "iMessage Exploit."
https://techcrunch.com/2024/04/16/a-crypto-wallet-makers-warning-about-an-imessage-bug-sounds-like-a-false-alarm/
Jörg Lorenz
2024-04-19 15:04:47 UTC
Reply
Permalink
Post by Mickey D
Post by Joerg Lorenz
Post by Chris
Post by Your Name
The recommendation by Trust Wallet ...
Stay *WELL* away from all scam "cryptocurrency" bollocks.
Yeah, this isn't new news.
It's just a rehash of the recent hardware flaw discovered in Apple
M-series cpus. The biggest risk - although still tiny - from the flaw is
cryptography, hence why the crypto community are concerned.
Has nothing to do with iMsg as claimed by the OP.
You're confused by the huge number of Apple zero-day holes, only some of
which are known to be found in Apple's M-series unpatchably flawed chips.
M-series chips have nothing to do with iOS.
--
"Gutta cavat lapidem." (Ovid)
Mickey D
2024-04-19 15:19:26 UTC
Reply
Permalink
Post by Jörg Lorenz
Post by Mickey D
Post by Joerg Lorenz
Post by Chris
It's just a rehash of the recent hardware flaw discovered in Apple
M-series cpus. The biggest risk - although still tiny - from the flaw is
cryptography, hence why the crypto community are concerned.
Has nothing to do with iMsg as claimed by the OP.
You're confused by the huge number of Apple zero-day holes, only some of
which are known to be found in Apple's M-series unpatchably flawed chips.
M-series chips have nothing to do with iOS.
Nobody said it did. You are confused by the huge number of zero day holes
in Apple's products that you can't separate which of those many zero-day
holes are in iMessage (which can be patched) and which of the holes are in
Apple's millions of hopelessly flawed CPU chips (which can't be patched).

Back to the subject matter at hand, the net has been flooded with the
suggestion for iOS users to disable iMessages due to a "credible" warning.
https://www.forbes.com/sites/digital-assets/2024/04/17/disable-imessages-asap-high-risk-alert-issued-over-credible-iphone-exploit/

For days, that has been the news but more recently the news has tempered
that dire warning saying that the evidence is mostly in hackers' news.
https://crypto.news/trust-wallet-warns-apple-ios-users-of-imessage-vulnerability/

Non-hacker news has recently been reporting that it could be a false alarm.
https://www.androidheadlines.com/2024/04/iphone-users-warned-about-imessage-exploit-but-it-could-be-fake.html
Jörg Lorenz
2024-04-19 15:23:41 UTC
Reply
Permalink
Post by Mickey D
Post by Jörg Lorenz
Post by Mickey D
Post by Joerg Lorenz
Post by Chris
It's just a rehash of the recent hardware flaw discovered in Apple
M-series cpus. The biggest risk - although still tiny - from the flaw is
cryptography, hence why the crypto community are concerned.
Has nothing to do with iMsg as claimed by the OP.
You're confused by the huge number of Apple zero-day holes, only some of
which are known to be found in Apple's M-series unpatchably flawed chips.
M-series chips have nothing to do with iOS.
Nobody said it did.
You did. You logical capabilites are very limited.

EOD
--
"Gutta cavat lapidem." (Ovid)
Chris
2024-04-19 16:00:57 UTC
Reply
Permalink
Post by Mickey D
Post by Jörg Lorenz
Post by Mickey D
Post by Joerg Lorenz
Post by Chris
It's just a rehash of the recent hardware flaw discovered in Apple
M-series cpus. The biggest risk - although still tiny - from the flaw is
cryptography, hence why the crypto community are concerned.
Has nothing to do with iMsg as claimed by the OP.
You're confused by the huge number of Apple zero-day holes, only some of
which are known to be found in Apple's M-series unpatchably flawed chips.
M-series chips have nothing to do with iOS.
Nobody said it did. You are confused by the huge number of zero day holes
in Apple's products that you can't separate which of those many zero-day
holes are in iMessage (which can be patched) and which of the holes are in
Apple's millions of hopelessly flawed CPU chips (which can't be patched).
Back to the subject matter at hand, the net has been flooded with the
suggestion for iOS users to disable iMessages due to a "credible" warning.
https://www.forbes.com/sites/digital-assets/2024/04/17/disable-imessages-asap-high-risk-alert-issued-over-credible-iphone-exploit/
For days, that has been the news but more recently the news has tempered
that dire warning saying that the evidence is mostly in hackers' news.
https://crypto.news/trust-wallet-warns-apple-ios-users-of-imessage-vulnerability/
Non-hacker news has recently been reporting that it could be a false alarm.
https://www.androidheadlines.com/2024/04/iphone-users-warned-about-imessage-exploit-but-it-could-be-fake.html
These are all reporting on the Trust Wallet story. That's not a flood,
just an echo.
Mickey D
2024-04-19 16:29:49 UTC
Reply
Permalink
Post by Chris
Post by Mickey D
Non-hacker news has recently been reporting that it could be a false alarm.
https://www.androidheadlines.com/2024/04/iphone-users-warned-about-imessage-exploit-but-it-could-be-fake.html
These are all reporting on the Trust Wallet story. That's not a flood,
just an echo.
While I disagree with the user who thinks this is all about the M1 flaws,
I agree with you that initially, it was widely reported to be so bad that
all iOS users were suggested to disable the app to prevent being hacked.

You have to take these seriously because iMessage is frequently hacked.
https://www.bleepingcomputer.com/news/security/apple-zero-click-imessage-exploit-used-to-infect-iphones-with-spyware/

These iMessages zero-day holes are so frequent, that you have to take them
at face value, as almost every one that is reported turns out to be true.
https://www.forbes.com/sites/daveywinder/2023/06/02/warning-issued-for-iphone-users-as-ongoing-imessage-0-click-attack-revealed/

Apple is never going to be the first to let you know about its holes, and,
in fact, Apple doesn't tell you iOS iMessages holes are on the rise.
https://www.nbcnews.com/tech/security/apple-iphone-security-update-points-growing-problem-zero-days-rcna2012

Apple has historically been the last entity to tell users anything about
its many iMessages flaws, all of which are due to Apple's lack of testing.
https://www.macworld.com/article/227626/imessage-security-flaw-faq.html

In this case, the news for days was that iMessages was so seriously broken
that users around the world were told to completely disable it in settings.
https://cointelegraph.com/news/apple-ios-imessage-zero-day-crypto-exploit-warning-trust-wallet

Then, slowly, the news started to report that, while the initial evidence
of the $2 million dollar hack is correct - it may be a false alarm.
https://appleinsider.com/articles/24/04/18/exploit-seller-wants-2-million-for-a-zero-day-imessage-attack-vector-that-probably-doesnt-exist

All we can do now is wait to see whether the advertised $2M hack is real.
Or not.
Chris
2024-04-20 08:30:34 UTC
Reply
Permalink
Post by Mickey D
Post by Chris
Post by Mickey D
Non-hacker news has recently been reporting that it could be a false alarm.
https://www.androidheadlines.com/2024/04/iphone-users-warned-about-imessage-exploit-but-it-could-be-fake.html
These are all reporting on the Trust Wallet story. That's not a flood,
just an echo.
While I disagree with the user who thinks this is all about the M1 flaws,
And you'd be wrong.
Post by Mickey D
I agree with you that initially, it was widely reported to be so bad that
all iOS users were suggested to disable the app to prevent being hacked.
M1 flaws have no impact on iOS. Remind me which M1 device uses ios?
Tyrone
2024-04-20 13:06:37 UTC
Reply
Permalink
Post by Chris
Post by Mickey D
I agree with you that initially, it was widely reported to be so bad that
all iOS users were suggested to disable the app to prevent being hacked.
M1 flaws have no impact on iOS. Remind me which M1 device uses ios?
To be fair, iPads run iOS. iPadOS is the same underlying OS. And until iOS
12 (or 13? Whatever) iPads ran iOS. There are M1 and M2 (and soon M3) iPads.


In fact, all of Apple's OSes are the same underlying OS. Mac, iPhones, iPads,
watches, VR goggles etc. all basically run the same OS. Different GUIs and
such (and other things), but very similar behind the curtain.

But even so, there is no way I am going "Disable iMessage NOW!" because some
weirdo Bitcoin goofball says so.
Your Name
2024-04-19 21:59:13 UTC
Reply
Permalink
Post by Mickey D
Post by Jörg Lorenz
Post by Mickey D
Post by Joerg Lorenz
Post by Chris
It's just a rehash of the recent hardware flaw discovered in Apple
M-series cpus. The biggest risk - although still tiny - from the flaw is
cryptography, hence why the crypto community are concerned.
Has nothing to do with iMsg as claimed by the OP.
You're confused by the huge number of Apple zero-day holes, only some of
which are known to be found in Apple's M-series unpatchably flawed chips.
M-series chips have nothing to do with iOS.
Nobody said it did. You are confused by the huge number of zero day holes
in Apple's products that you can't separate which of those many zero-day
holes are in iMessage (which can be patched) and which of the holes are in
Apple's millions of hopelessly flawed CPU chips (which can't be patched).
Many of which are the exact same flaws in most (if not all) other
chips, especially ARM chips.

Another idiot anti-Apple troll added to the kilfile.
Indira
2024-04-19 22:38:47 UTC
Reply
Permalink
Post by Your Name
Many of which are the exact same flaws in most (if not all) other
chips, especially ARM chips.
What is it about this group that two people (at least) don't have a clue
that there's a difference between iOS (software) and M1 (hardware) chips?

If they don't know the difference between iOS (software) & M1 (hardware)
then how can anything they ever say be trusted to be at all meaningful?
Peter Piper
2024-04-21 17:59:19 UTC
Reply
Permalink
Post by Your Name
Another idiot anti-Apple troll added to the kilfile.
This is not "another" one. This is the same Arlen. He has a
characteristic posting style and wording.

Adding him to your killfile will not stop you feeding him. He will just
morph when he wants you to feed him again.


Some of Arlen's recent nyms:

- Andrew
- Bill Powell
- Bradley
- david
- Enrico Papaloma
- Frankie
- Gelato
- Gunther F
- Harry S Robins
- Jan K.
- Jerry
- Mickey D
- Oliver
- Patrick
- Peter
- Ronald
- Sten deJoode
- Tamborino
- Wolf Greenblatt
Cameo
2024-04-21 18:22:33 UTC
Reply
Permalink
Post by Peter Piper
Post by Your Name
Another idiot anti-Apple troll added to the kilfile.
This is not "another" one. This is the same Arlen. He has a
characteristic posting style and wording.
Adding him to your killfile will not stop you feeding him. He will just
morph when he wants you to feed him again.
- Andrew
- Bill Powell
- Bradley
- david
- Enrico Papaloma
- Frankie
- Gelato
- Gunther F
- Harry S Robins
- Jan K.
- Jerry
- Mickey D
- Oliver
- Patrick
- Peter
- Ronald
- Sten deJoode
- Tamborino
- Wolf Greenblatt
At least he is inventive. 🤒
Jörg Lorenz
2024-04-21 19:35:01 UTC
Reply
Permalink
Post by Cameo
Post by Peter Piper
Post by Your Name
Another idiot anti-Apple troll added to the kilfile.
This is not "another" one. This is the same Arlen. He has a
characteristic posting style and wording.
Adding him to your killfile will not stop you feeding him. He will just
morph when he wants you to feed him again.
- Andrew
- Bill Powell
- Bradley
- david
- Enrico Papaloma
- Frankie
- Gelato
- Gunther F
- Harry S Robins
- Jan K.
- Jerry
- Mickey D
- Oliver
- Patrick
- Peter
- Ronald
- Sten deJoode
- Tamborino
- Wolf Greenblatt
At least he is inventive. 🤒
But his life has no meaningful purpose.
--
"Gutta cavat lapidem." (Ovid)
badgolferman
2024-04-21 20:38:14 UTC
Reply
Permalink
Post by Jörg Lorenz
But his life has no meaningful purpose.
IIRC, Arlen has stated his purpose is to speak the truth.
Jörg Lorenz
2024-04-21 22:46:54 UTC
Reply
Permalink
Post by badgolferman
Post by Jörg Lorenz
But his life has no meaningful purpose.
IIRC, Arlen has stated his purpose is to speak the truth.
Then the first thing would be not to lie about his own identity. He has
no credibility at all.
--
"Ave Caesar! Morituri te salutant!"
Jolly Roger
2024-04-21 23:41:29 UTC
Reply
Permalink
Post by Jörg Lorenz
Post by badgolferman
Post by Jörg Lorenz
But his life has no meaningful purpose.
IIRC, Arlen has stated his purpose is to speak the truth.
Then the first thing would be not to lie about his own identity. He
has no credibility at all.
And there's a reason badgolferman isn't condemning him here (or anywhere
else). 😉
--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
*Hemidactylus*
2024-04-24 02:00:33 UTC
Reply
Permalink
Post by Jolly Roger
Post by Jörg Lorenz
Post by badgolferman
Post by Jörg Lorenz
But his life has no meaningful purpose.
IIRC, Arlen has stated his purpose is to speak the truth.
Then the first thing would be not to lie about his own identity. He
has no credibility at all.
And there's a reason badgolferman isn't condemning him here (or anywhere
else). 😉
Careful as you might trigger yet another inane comment by Hank Rogers.
Mickey D
2024-04-24 14:52:50 UTC
Reply
Permalink
On Wed, 24 Apr 2024 02:00:33 +0000, *Hemidactylus* wrote:
The latest news shows Apple won't confirm or deny the bug,
but nobody else yet has been able to confirm the bug, so for now, at least
until Apple says something (which they haven't), the warning is just that
and nothing more. There's no action to be taken other than to not trust
Trust Wallet, perhaps, given their own vulnerabilities in the past as
discussed here.
https://www.ccn.com/news/crypto/trust-wallet-imessenger-alert-security-failings-ios-app-vulnerabilities/
Alan
2024-04-29 01:56:57 UTC
Reply
Permalink
Post by Mickey D
The latest news shows Apple won't confirm or deny the bug,
but nobody else yet has been able to confirm the bug, so for now, at least
until Apple says something (which they haven't), the warning is just that
and nothing more. There's no action to be taken other than to not trust
Trust Wallet, perhaps, given their own vulnerabilities in the past as
discussed here.
https://www.ccn.com/news/crypto/trust-wallet-imessenger-alert-security-failings-ios-app-vulnerabilities/
Weird.

Did you you start this thread with:

"Disable iMessage NOW!"

:-)
Tyrone
2024-04-29 03:15:44 UTC
Reply
Permalink
Post by Alan
Post by Mickey D
The latest news shows Apple won't confirm or deny the bug,
but nobody else yet has been able to confirm the bug, so for now, at least
until Apple says something (which they haven't), the warning is just that
and nothing more. There's no action to be taken other than to not trust
Trust Wallet, perhaps, given their own vulnerabilities in the past as
discussed here.
https://www.ccn.com/news/crypto/trust-wallet-imessenger-alert-security-failings-ios-app-vulnerabilities/
Weird.
"Disable iMessage NOW!"
:-)
As I said above, "There is no way I am going "Disable iMessage NOW!" because
some
weirdo Bitcoin goofball says so."

Because the whole "Bitcoin" thing is SO reliable and trustworthy.

Once again, proving just how low the trolls will go. They will jump on ANY
"Apple Bad News" in their desperate, non-stop mission to "score points".

Pathetic. When WILL these kiddies grow up?

Jörg Lorenz
2024-04-19 05:20:53 UTC
Reply
Permalink
Post by Mickey D
The recommendation by Trust Wallet is to disable iMessage until Apple
figures out how so many holes have been recently found in their platform.
Trust Wallet has stated that dark web hackers are targeting iPhone and iOS
users through zero-day exploits in Apple's default messaging app, iMessage.
Who the fuck is Trust Wallet? Why sould I listen to them instead of Apple?

You are an idiot and Troll!
--
"Gutta cavat lapidem." (Ovid)
Hank Rogers
2024-04-19 07:03:54 UTC
Reply
Permalink
Post by Jörg Lorenz
Post by Mickey D
The recommendation by Trust Wallet is to disable iMessage until Apple
figures out how so many holes have been recently found in their platform.
Trust Wallet has stated that dark web hackers are targeting iPhone and iOS
users through zero-day exploits in Apple's default messaging app, iMessage.
Who the fuck is Trust Wallet? Why sould I listen to them instead of Apple?
You are an idiot and Troll!
Jughead, are you sure he’s not Arlen?
Jolly Roger
2024-04-19 17:44:12 UTC
Reply
Permalink
Post by Mickey D
The recommendation by Trust Wallet is to disable iMessage
Yes, everyone should definitely disable iMessage based on a questionable
and unverified claim that totally isn't bogus:

A crypto wallet maker’s warning about an iMessage bug sounds like a false alarm
<https://techcrunch.com/2024/04/16/a-crypto-wallet-makers-warning-about-an-imessage-bug-sounds-like-a-false-alarm/>
---
Lorenzo Franceschi-Bicchierai11:51 AM PDT•April 16, 2024

A crypto wallet maker claimed this week that hackers may be targeting
people with an iMessage “zero-day” exploit — but all signs point to an
exaggerated threat, if not a downright scam.

Trust Wallet’s official X (previously Twitter) account wrote that “we
have credible intel regarding a high-risk zero-day exploit targeting
iMessage on the Dark Web. This can infiltrate your iPhone without
clicking any link. High-value targets are likely. Each use raises
detection risk.”

The wallet maker recommended iPhone users to turn off iMessage
completely “until Apple patches this,” even though no evidence shows
that “this” exists at all.

The tweet went viral, and has been viewed over 3.6 million times as of
our publication. Because of the attention the post received, Trust
Wallet, which is owned by crypto exchange Binance, hours later wrote a
follow-up post. The wallet maker doubled down on its decision to go
public, saying that it “actively communicates any potential threats and
risks to the community.”

When reached by email, Trust Wallet’s John Broadley declined to provide
TechCrunch with evidence of the company’s claim. Trust Wallet Chief
Information Security Officer Eve Lam reiterated the company’s advice to
users, also without providing evidence for the claim that there’s an
imminent threat.

Apple spokesperson Scott Radcliffe declined to comment when reached
Tuesday.

As it turns out, according to Trust Wallet’s CEO Eowyn Chen, the “intel”
is an advertisement on a dark web site called CodeBreach Lab, where
someone is offering said alleged exploit for $2 million in bitcoin
cryptocurrency. The advert titled “iMessage Exploit” claims the
vulnerability is a remote code execution (or RCE) exploit that requires
no interaction from the target — commonly known as “zero-click” exploit
— and works on the latest version of iOS. Some bugs are called zero-days
because the vendor has no time, or zero days, to fix the vulnerability.
In this case, there is no evidence of an exploit to begin with.

A screenshot of the dark web ad claiming to sell an alleged iMessage
exploit. Image Credits: TechCrunch A screenshot of the dark web ad
claiming to sell an alleged iMessage exploit. Image Credits: TechCrunch

RCEs are some of the most powerful exploits because they allow hackers
to remotely take control of their target devices over the internet. An
exploit like an RCE coupled with a zero-click capability is incredibly
valuable because those attacks can be conducted invisibly without the
device owner knowing. In fact, a company that acquires and resells
zero-days is currently offering between $3 to $5 million for that kind
of zero-click zero-day, which is also a sign of how hard it is to find
and develop these types of exploits.

Given the circumstances of how and where this zero-day is being sold,
it’s very likely that it is all just a scam, and that Trust Wallet fell
for it, spreading what people in the cybersecurity industry would call
FUD, or “fear uncertainty and doubt.”

Zero-days do exist, and have been used by government hacking units for
years. But in reality, you probably don’t need to turn off iMessage
unless you are a high-risk user, such as a journalist or dissident under
an oppressive government, for example.

It’s better advice to suggest people turn on Lockdown Mode, a special
mode that disables certain Apple device features and functionalities
with the goal of reducing the avenues hackers can use to attack iPhones
and Macs.

According to Apple, there is no evidence anyone has successfully hacked
someone’s Apple device while using Lockdown Mode. Several cybersecurity
experts like Runa Sandvik and the researchers who work at Citizen Lab,
who have investigated dozens of cases of iPhone hacks, recommend using
Lockdown Mode.

For its part, CodeBreach Lab appears to be a new website with no track
record. When we checked, a search on Google returned only seven results,
one of which is a post on a well-known hacking forum asking if anyone
had previously heard of CodeBreach Lab.

On its homepage — with typos — CodeBreach Lab claims to offer several
types of exploits other than for iMessage, but provides no further
evidence.

The owners describe CodeBreach Lab as “the nexus of cyber disruption.”
But it would probably be more fitting to call it the nexus of
braggadocio and naivety.

TechCrunch could not reach CodeBreach Lab for comment because there is
no way to contact the alleged company. When we attempted to buy the
alleged exploit — because why not — the website asked for the buyer’s
name, email address, and then to send $2 million in bitcoin to a
specific wallet address on the public blockchain. When we checked,
nobody has so far.

In other words, if someone wants this alleged zero-day, they have to
send $2 million to a wallet that, at this point, there is no way to know
who it belongs to, nor — again — any way to contact.

And there is a very good chance that it will remain that way.
---

Believe the Trust Wallet FUD, folks! RUN, don't walk, to your nearest
fallout shelter! The sky is on fire! Trust us!
--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
Alan Browne
2024-04-20 12:20:14 UTC
Reply
Permalink
Post by Mickey D
The recommendation by Trust Wallet is to disable iMessage until Apple
Pearl Clutching Panic.
--
“Patriotism is when love of your own people comes first;
nationalism, when hate for people other than your own comes first.”
- Charles de Gaulle.
Peter
2024-04-20 14:17:45 UTC
Reply
Permalink
Post by Alan Browne
Post by Mickey D
The recommendation by Trust Wallet is to disable iMessage until Apple
Pearl Clutching Panic.
Because Apple has never sufficiently tested their iOS software for holes,
the most exploited bugs are in Webkit, the kernel, and in the messaging.
Jolly Roger
2024-04-20 21:21:19 UTC
Reply
Permalink
Post by Peter
Post by Alan Browne
Post by Mickey D
The recommendation by Trust Wallet is to disable iMessage until Apple
Pearl Clutching Panic.
Because Apple has never sufficiently tested their iOS software for holes,
Poor, little Arlen - he's a broken record with no new trolling ideas.
--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
Bob Campbell
2024-04-21 23:08:46 UTC
Reply
Permalink
Post by Jolly Roger
Post by Peter
Post by Alan Browne
Post by Mickey D
The recommendation by Trust Wallet is to disable iMessage until Apple
Pearl Clutching Panic.
Because Apple has never sufficiently tested their iOS software for holes,
Poor, little Arlen - he's a broken record with no new trolling ideas.
He does not need any “new trolling ideas” because the usual suspects
continue to reply to his old trolling ideas.

The problem is not that “Apple lives rent free in his head”. The problem
is that HE lives rent free in YOUR head.
Loading...