sevg a day ago

The article doesn’t define “IOC”, so if (like me) you didn’t know the abbreviation: Indicators Of Compromise.

(They actually do use the expanded form in the article, just without some parentheses afterwards on the first usage of the phrase.)

Maybe everyone but me knows the abbreviation, but in case it helps _someone_ out there!

  • dry_soup a day ago

    Thank you. The only IOC I know of is the International Olympic Committee.

    • bnastic 21 hours ago

      Or if you work in trading, IOC made it a very confusing title

      • CaptainOfCoit 20 hours ago

        I'm a programmer, designer and architect, so my mind immediately went to "Inversion of Control"

        • misnome 17 hours ago

          Or Input/Output Controller (scientific facility control layer tech)

  • KernalSanders 21 hours ago

    Thank you for this!

    Abbreviations and acronyms are highly inefficient if not defined clearly and up front. It also creates a division between those who know and those who don't.

    I absolutely detested seeing "ISO" suddenly everywhere on Facebook and Nextdoor in place of "in search of". If you didn't know that before, you know it now, but you may also be annoyed by it not being about the International Organization for Standardization, which also goes by ISO, but not for any reason people would magically guess, without a background in Greek. (ISO explains that, since the acronym would differ in every language, ISO is actually derived from isos, which means "equal". Happy coincidence that it almost matches the name of the organization, but could also become obscure with time and lost history.)

    For our company, I've been very clear that we don't make up acronyms unless a layperson could reasonably guess what it stands for, and also not confuse it for something else.

    • alexjplant 11 hours ago

      The web already had terminology for this in online enthusiast forums: WTB (Want to Buy), FS (For Sale), FT (For Trade), etc. The slow death of the open web in favor of platforms has evidently caused a lot of rework like this. Other notable examples include backwards emoticons (: and DM instead of PM.

      • scrps 9 hours ago

        The corp platform model seems to excel at abstracted wheel re-inventing and then pretending it is innovation.

    • CaptainOfCoit 19 hours ago

      > It also creates a division between those who know and those who don't.

      Yeah, it's called "expertise" and it isn't as bad as you seem to think. Blogs for security professionals will use jargon and technical words aimed at other security professionals, and that's OK, not everything on the web is for everyone.

      Just like how in my game development blog I don't explain what a "loop" is because I'm assuming the audience knows basic programming already, otherwise every article would balloon out of scope easily.

      • eviks 16 hours ago

        Good that you added quotation marks, because otherwise it is as bad as he thinks - the typical bad technical communication, wasting the whole first page saying ~nothing with some AI slop image to boot, but not thinking about adding 5 symbols, yes, of course, out of the imaginary fear that the article would "balloon out of scope".

      • riehwvfbk 17 hours ago

        TLAs are not basic knowledge, or expert knowledge. They are expertise theater.

      • akerl_ 18 hours ago

        A quick skim of https://iverify.io/blog makes it seem pretty clear that iVerify’s audience is people who are interested in security, not just existing industry experts.

        • CaptainOfCoit 18 hours ago

          But then skim the submission article and try to evaluate which audience it seems written for.

          Considering they have stuff like "Located within the Sysdiagnoses in the Unified Logs section (specifically, Sysdiagnose Folder -> system_logs.logarchive -> Extra -> shutdown.log)" in the article, my guess is that they're aiming for people who at least have a basic understanding of security, not general users, as those wouldn't understand an iota of that.

          • eviks 16 hours ago

            Considering there is actually not an iota of technically security challenging stuff (specifically, any computer user can understand your quote that there is a log file located at some path, there is 0 security understanding required there), using your own logic we can deduce the general audience was the target.

            • CaptainOfCoit 16 hours ago

              The typical/general computer user wouldn't even understand the ">" character, I think you either don't grasp the wide range of people who sit in front of computers daily, or you over-estimate their ability of grasping computer concepts, because you'd say that sentence to the typical computer user and most of them wouldn't understand most of it.

              • eviks 15 hours ago

                That's fine, you don't need to understand the > character, it clearly says there is some log file located at some folder.

                > because you'd say that sentence to the typical computer user and most of them wouldn't understand most of it.

                Yeah, do try that, just not your cut version focusing on the irrelevance of a specific path and the meaning of >, but the whole paragraph. Do see how many people fail to understand that there was some file at some folder. You could even ask extra SAT questions ("what do you think a 'shutdown log' is, does it record activities during device shutdown?").

          • akerl_ 17 hours ago

            This argument seems neatly circular.

            Any example where somebody says an article doesn’t do a great job defining its terms just becomes proof that the authors only wanted readers who already understand the terms.

            • pcthrowaway 16 hours ago

              I think it's fine for the magazine, but I would have liked to see it expanded in the HN submission title, since many of us are not cybersecurity specialists.

            • CaptainOfCoit 17 hours ago

              Some stuff is written for some people, other stuff is written for other people. This shouldn't be hard to understand, nor particularly novel either.

    • integralid 19 hours ago

      I assume this blog post is targeted for the security community, where IoC is universally understood. Of course it is confusing on HN, but authors are free to assume their audience - like we don't define what HTTP, MVC and "btw" mean every time we use them. Or, for a better example, HN and YC are used here all the time, but would be confusing for outsiders (and should be defined outside of HN context).

  • trillic 10 hours ago

    There are only 17,576 unique TLAs (three-letter acronyms).

  • DonHopkins 14 hours ago

    Thank you! I had no idea what IOC stands for in that context either, and appreciate the definition.

    In other HN discussions there have regularly been divisive gatekeeping trolls who, in response to people asking what acronyms stand for and suggesting articles like this define them after their first use, are inexplicably and vehemently opposed to defining acronyms, and who argue incessantly that acronyms should not be defined because everyone should already know what they are, and criticize people who don't already know, because they are meant to be excluded from the discussion. What possible motivations could they have?

    I just don't understand that mindset, but I suspect there's a big overlap between them and the trolls who regularly throw tantrums about accessibility, usability, diversity, equity, and inclusion, and see empathy as a weakness, since it's a similar exclusionary mindset.

    The anti-accessibility trolls are incredibly foolish and short sighted (pun intended) to not realize that unless you are "lucky" enough to die at an early age, EVERYONE is going to need and benefit from accessibility and inclusive interface design.

    Edit: Oh I see one of them has dropped in and taken their precious time to argue back and forth in several posts, with orders of magnitude more words and off-topic noise than it would have taken to simply define the acronym in the first place and move on, thereby undermining their own circular arguments. What a sowapphtdo (strange obsession with a particularly pointless hill to die on)!

    I like riehwvfbk's suggestion: "expertise theatre". (But what does riehwvfbk stand for? ;)

benzible a day ago

If we didn't already know this, Apple's previous positioning as the privacy company was just branding with zero actual conviction behind it. Now, just as ICE contracts with Paragon for zero-click spyware that bypasses encrypted apps, Apple erases the key forensic artifact for detecting state-sponsored mobile surveillance. Along with Cook's cash-and-gold-for-tariff-exemptions scheme, they're racing to the bottom with the rest of big tech.

  • vlovich123 19 hours ago

    > Apple's previous positioning as the privacy company was just branding with zero actual conviction behind it

    As someone who actually worked there a decade ago, that doesn’t reflect the attitudes and positions of people I worked with then. And many people generally tend to stay working at Apple for long periods of time.

    I can’t speak if that’s changed or other things happening, but this could easily be just a late-introduced bug as it wasn’t present in earlier betas as someone noticed - my expectation would be such a change would be present quite early. I would be very very surprised something this insignificant was a late introduced change at the request of the government - Apple historically just doesn’t act that way (see the San Bernardino row over unlocking the iPhone for the FBI).

    • benzible 15 hours ago

      I'm sure the people you worked with still care about privacy, but these decisions get made at the top regardless of what rank-and-file employees think. Apple employees donated nearly 20:1 for Harris over Trump, so we can safely assume they weren't supportive of Tim Cook presenting him with gaudy personal gifts or allowing Stephen Miller to curate the App Store. I suspect Cook personally loathes Trump, in contrast to other CEOs like Zuck, and now Benioff, who are clearly all in. He may even sincerely care about privacy himself, however he's shown zero backbone.

      • vlovich123 13 hours ago

        I have literally 0 times in my career observed a change like this come from the top. Maybe it happens but somehow I doubt it. A non trivial part of the market cap of Apple is built around trust, privacy, and security. You may think whatever you want of the quality of the people at any level, but I’d imagine they’re all aligned on protecting the brand be their financial future. They aren’t driven by short term bets and thinking.

        • int0x29 11 hours ago

          Apple's response to XCodeGhost was to draft a breach notification to everyone impacted and then not send it as it would impact their brand.

          • vlovich123 10 hours ago

            Public comms is decidedly a leadership decision at all times - you don’t have ICs or even managers spouting off in the press or releasing press releases. They may have mishandled it but that’s their purview and yes it can impact their brand although I’m not sure I’m seeing the long term negative ramifications from that and they made technical changes to mitigate such issues going forward. That is all very different from management making an IC develop a single specific more obscure technical change like this.

          • techsystems 11 hours ago

            Any article you recommend on this?

        • benzible 11 hours ago

          I'm sure that's true, but your personal experience as [presumably] rank-and-file wouldn't have given you visibility into C-suite machinations. The ruling in the App Store case this year documented that Cook personally overruled Schiller's compliance recommendations, made the decision to violate the judge's court order on fees, and then tried to hide those meetings from the court - resulting in contempt findings and a criminal referral. Those are top-down decisions, on the record, with executives lying about it, which wouldn't have been known outside the inner sanctum but for this case. Not at all consistent with "trust", in a matter that directly harms consumers.

          Regarding the basis of Apple's market cap, I would suggest that profitability ranks a bit higher than privacy. Apple's potential tariff burden was $44 billion annually, reduced to $7 billion after Cook plied the mad king with flattery, gold and cash. Apple had lost $300 billion in market value before Trump exempted smartphones, then immediately regained its $3 trillion market cap.

          Privacy is nice brand positioning, but the truth behind it was always that Apple wasn't beholden to "surveillance capitalism" like the other tech behemoths as hardware was their primary profit center. This allowed them to take the high ground on this one, while coincidentally kneecapping Meta and others with App Tracking Transparency - which cost Meta an estimated $10 billion in 2022 alone and hit Google as well. But ATT only blocks third-party tracking across apps and websites - it doesn't apply to Apple's own growing advertising business, which uses first-party data from the App Store, Apple News, etc. Apple claims they don't "track users across apps and websites owned by other companies" - but they absolutely track within their own walled garden for their expanding ad business.

          And the iOS 26 removal of Pegasus/Predator detection artifacts right as ICE activates Paragon spyware contracts? Maybe a coincidental bug, maybe what happens when keeping Trump happy is worth tens of billions.

          • JumpCrisscross 11 hours ago

            > your personal experience as [presumably] rank-and-file wouldn't have given you visibility into C-suite machinations

            But yours does?

            I know some fairly high-up folks in Cupertino. They care about privacy more than the median American, possibly the median techie. They overshot in San Bernardino precisely because they were internally calibrated off the political mark.

            • benzible 8 hours ago

              Where did I claim my personal experience gave me insight into C-suite decisions? I haven't appealed to personal experience for anything - I've cited court rulings, financial data, and documented executive behavior. But since you've brought it up, now I will.

              In my experience, people want to believe they're good, that they're doing good things, and that the institutions they're associated with are good. You say you "know some fairly high-up folks in Cupertino" - taking that at face value, that means either: (a) you're of similar status, in which case they may be personal friends or peers you naturally view charitably, or (b) you're of lesser status and get social capital from knowing high-status people, which creates its own incentives to view them favorably.

              But here's the thing: "knowing someone" to some unknown degree doesn't give you access to their innermost thoughts and beliefs. You're inferring their true convictions from their behavior and what they tell you - the very behavior I'm arguing demonstrates something other than absolute commitment to privacy principles. It's easy to believe you'd stand on principle when your financial interests happen to align with it - the real test is when they conflict, and we're seeing that now.

              This is actually why having some distance gives _more_ insight, not less. Every white-collar criminal convicted of horrific personal or corporate malfeasance has had plenty of people vouching for them based on "knowing them" - shocked that this person they knew would have done what the evidence clearly showed they did.

              The San Bernardino case you cite as evidence of Apple's privacy conviction? That was 2016, when Apple's business interests happened to align with privacy advocacy - their profit center was hardware, not surveillance capitalism like Meta or Google, so taking a stand cost them nothing and disadvantaged competitors. It also came during Obama's administration and Trump's first term, when the costs of corporate pushback against government demands were considerably lower than they are now, for reasons I've outlined elsewhere.

              Here's the reality: the theory that corporations act in their financial interest is almost completely predictive. The theory that "good guys at the top" will protect principles when those principles conflict with tens of billions in market cap? Not so much.

          • vlovich123 10 hours ago

            Again you’re talking about decisions that C suite will decidedly care about and be their purview to make. First the App Store stuff wasn’t a privacy or security thing - this is Apple deciding how to navigate the EU regulatory environment. A CEO exists precisely to make these kinds of decisions.

            I’ll point you to Apple developing the privacy-preserving CSAM scanning feature which got approved at lower levels and then got pulled back when it actually started hurting their brand. They respond to this stuff and I don’t think perfection is a reasonable bar.

            > And the iOS 26 removal of Pegasus/Predator detection artifacts right as ICE activates Paragon spyware contracts? Maybe a coincidental bug, maybe what happens when keeping Trump happy is worth tens of billions.

            And if iOS 26.1 or 27 restores previous behavior, does that change the narrative you’ve built in your head, or will you just say “of course - they just got caught”? If you can’t falsify your narrative there’s no point having a constructive argument - I can’t factually argue you out of a position you didn’t argue yourself factually into.

            • benzible 8 hours ago

              You just moved the goalposts from "I have literally 0 times in my career observed a change like this come from the top" to "well of course the C-suite makes those decisions - that's their purview." Which is it? And calling what happened in the Epic case "navigating the EU regulatory environment" is quite the Orwellian turn of phrase when what actually occurred was violating a court order, lying to the judge about it, and earning a criminal referral. Elsewhere you justified Apple drafting breach notifications for XCodeGhost and not sending them because "it can impact their brand" and you're "not sure I'm seeing the long term negative ramifications" - so leadership decisions that prioritize brand protection over user notification are fine when they don't blow up later?

              Your CSAM example perfectly illustrates my point, not yours - Apple pulled back "when it started hurting their brand," meaning they respond to financial and reputational pressure, not pure privacy principles. And you're asking if I'd change my view if iOS 26.1 restores the logging? Sure - that would be evidence it was unintentional [or that pushback raised the costs - see Disney / Kimmel]. But right now I'm looking at documented patterns: $37B in tariff relief, gold gifts to Trump, court findings of deception, and suspicious timing on forensic artifacts. You're arguing from "I knew people there who cared" a decade ago. Which of us is reasoning from evidence that can be falsified?

      • Aurornis 15 hours ago

        > Apple employees donated nearly 20:1 for Harris over Trump, so we can safely assume they weren't supportive of Tim Cook presenting him with gaudy personal gifts

        Every company works with whoever gets elected. This isn’t new. It isn’t indicative of political support. It’s just how business is done.

        • benzible 15 hours ago

          This isn't 'business as usual' on multiple levels.

          First, I never claimed Cook "supports" Trump - as I said, I suspect he personally loathes him. The point is that corporations are making unprecedented concessions to avoid Trump's wrath.

          Second, companies push back on government constantly when it serves their interests. Apple previously fought the FBI over privacy, but more typically companies push back or evade the law for financial benefit, not principles. When penalties are low enough they accept them as the cost of doing business, e.g. Meta's consistent, willful FTC consent decree violations.

          Third, openly bribing a sitting president with a 24-karat gold gift is not normal corporate behavior. The Trump administration has used state power to control private enterprise in a completely unprecedented way: tariff threats as extortion, DOJ investigations targeting companies over DEI programs, prosecution of high-profile figures who resist - mostly political enemies so far but Zuckerberg faced threats of "life in prison" before he showed sufficient fealty.

          I'm waiting for the whataboutism replies here, and executive overreach was a thing in the past, but Trump has fundamentally changed the character of the US system of government. The enabling environment is unprecedented: a Congress with zero interest in oversight and a Supreme Court granting immunity for official acts. When you combine unlimited executive power with no checks, corporate capitulation isn't "just business" - it's rational fear of an authoritarian using every lever of government to punish dissent.

        • bigyabai 14 hours ago

          That makes it that much easier to stop supporting them, in my eyes. Tim has the option to draw the line in the sand, but he's reliant on protectionist US control more than ever now.

  • neilv a day ago

    Can we assume that Apple will continue to fail to secure the iPhone against these spyware companies?

    • Gigachad a day ago

      Memory integrity enforcement added to the iPhone 17 range is probably going to be huge for preventing future exploits. At risk people should probably also enable lockdown mode.

      • bigyabai 14 hours ago

        Blastdoor was also supposed to be "huge" for preventing future exploits. Worked great up until NSO Group developed FORCEDENTRY.

        • commandersaki 9 hours ago

          MIE eliminates a whole class of bugs (memory corruption) and has demonstrated that it stops full chains but also renders them unusable if parts get swapped out.

          See: https://security.apple.com/blog/memory-integrity-enforcement...

          And some interesting excerpts:

          Both approaches revealed the same conclusion: Memory Integrity Enforcement vastly reduces the exploitation strategies available to attackers. Though memory corruption bugs are usually interchangeable, MIE cut off so many exploit steps at a fundamental level that it was not possible to restore the chains by swapping in new bugs. Even with substantial effort, we could not rebuild any of these chains to work around MIE. The few memory corruption effects that remained are unreliable and don’t give attackers sufficient momentum to successfully exploit these bugs.

          Notably, attackers confront Memory Integrity Enforcement early in the exploitation process. Although some issues are able to survive MIE — for example, intra-allocation buffer overflows — such issues are extremely rare, and even fewer will lend themselves to a full end-to-end exploit. Inevitably, attackers must face MIE at a stage where their capabilities are still very limited, leaving few viable avenues for exploitation. This leads to fragile chains where breaking just one step is often enough to invalidate the entire exploit strategy. When that happens, most of the chain’s components can’t be reused, and the attackers have to restart exploit development with entirely new bugs.

        • Gigachad 7 hours ago

          MIE is preventing an entire exploit category permanently. Blastdoor is just being more careful in a specific area of the code. It's also not just a case of is it possible to exploit or not, but how much does it cost to develop an exploit, and how long do they last for.

          If it costs you millions of dollars for an exploit that gets patched a week after it's deployed, you can't use that for mass surveillance. If it costs you hundreds of millions, you can hardly use it for targeted attacks either. The cost of exploiting phones is constantly going up. It used to be within the ability of a single hobbyist developing a jailbreak. Now it's only in reach of the most well funded hacking groups for highly targeted attacks.

    • hulitu 17 hours ago

      > Can we assume that Apple will continue to fail to secure the iPhone against these spyware companies?

      Fail is an overstatement. Apple is part of PRISM and the functionality is working as intended. When a hole becomes public, it is quickly patched.

      • JumpCrisscross 11 hours ago

        > Apple is part of PRISM

        PRISM was semi-voluntary. And the legal immunities it operated under expired in 2017.

        • bigyabai 10 hours ago

          PRISM was also disclosed through a whistleblower, not a FOIA request. I commend your naivete if you seriously think Apple was included in the old wiretaps but exempted from the new ones.

          • JumpCrisscross 9 hours ago

            > if you seriously think Apple was included in the old wiretaps but exempted from the new ones

            Irrelevant to the inaccuracy of the statement “Apple is part of PRISM.” Present tense. (Emphasis mine.)

            It’s important in these discussions to separate the nihilists who are convinced all is always lost from those who know what they’re talking about.

            • bigyabai 9 hours ago

              It's a pedantic distinction with presumably zero consequences.

              Which is important to identify as it separates the eternally hopeful from those who've seen this cycle before.

              • JumpCrisscross 9 hours ago

                > It's a pedantic distinction with presumably zero consequences

                You say from unfalsifiable supposition.

                That’s fine. You may not be wrong. But if the only evidence is mis-citing a shuttered programme, that’s important to note, too.

      • commandersaki 9 hours ago

        Out of curiosity, what do you think PRISM actually is?

      • udev4096 13 hours ago

        This. Apple, along with every "evil big tech", is in bed with NSA which was proven with PRISM

    • Hilift 18 hours ago

      "fail to secure"?

      Do you really think that with all of the years of iPhone device and account takeovers, from a text message requiring no reading or interaction, Apple with their maximum controlled walled garden aren't facilitating? Apple spent billions moving factories because the US government told them to. They are the keymaker.

      Apple could do a lot of things, such as preventing the black market for stolen phones from existing. A single city, London, had 80,000 phones stolen in 2024.

      "...Onwurah argued that "robust technical measures" such as blocking stolen phones taken overseas from accessing cloud services could make devices "far less valuable".

      "She also pointed to comments by Mobile UK, the trade association of the UK's mobile network operators, who said blocking IMEI in other countries was a "necessary step to dismantle the business model of organised crime".

      "However, she said when giving evidence, Apple, Google and Samsung had avoided saying why they would not implement the technology." <--**

      https://www.bbc.com/news/articles/cx2y037pg41o

      • gruez 18 hours ago

        >Apple could do a lot of things, such as preventing the black market for stolen phones from existing. A single city, London, had 80,000 phones stolen in 2024.

        Doesn't iCloud lock basically already make a stolen iPhone unusable? What more do you want?

        • dylan604 15 hours ago

          To be able to lock a phone without having access to the iCloud account. If I have devices on my account that were provided to someone to use with their own iCloud account but they refuse to turn them over to me, there is no way I can shut that account down. I can report the IMEI as stolen, but they are free to continue using it as a wifi-only device. If they attempt to move the device to a new provider, the provider is supposed to say no since the IMEI is reported stolen. Not sure how well the lower-tier providers pay attention to that though.

          TL;DR if the device is stolen from you by a stranger, this is possible. If the device is stolen from you by someone you permitted to use the device, this is not possible

          • gruez 15 hours ago

            >TL;DR if the device is stolen from you by a stranger, this is possible. If the device is stolen from you by someone you permitted to use the device, this is not possible

            I suspect these kinds of thefts are a small fraction of the "80,000 phones stolen in 2024" that OP was talking about. Moreover the only plausible case I can think of this happening is for corporate devices, which can be MDM enrolled and locked to a particular organization.

            • dylan604 15 hours ago

              Small business (<5 people) that doesn't have an IT staff. Even a civil case is too expensive to do anything about it.

              • gruez 15 hours ago

                Your expectations are entirely unreasonable. Apple already provides a way for businesses to lock their devices through a web interface, which might require 1-2 hours for a non-technical person to figure out but doesn't exactly need a whole IT department to operate either. It's certainly not out of reach for "Small business (<5 people)". On the other hand you want Apple to get into the business of locking phones on demand, which is both labor intensive (you need people to manually validate each case) and prone to abuse (eg. in the case of second-hand sales). This is like expecting you should be able to walk into any Apple store and request any iPhone you "own" to be remote wiped/locked, just because you're too lazy to set up a pin/iCloud on your phone.

                • dylan604 14 hours ago

                  I want to be able to lock the devices. I don't want Apple to do anything. It's a shit situation. It doesn't mean that I don't still want something that can't be done. You're also victim blaming here, and it's definitely not helpful or even appreciated. Yes, someone put trust, however unwarranted it may have been, in someone without considering the worst outcome. Sure, lesson learned, but piling on to what's obviously someone else's misery is just a big fuck you so early in the weekend. Your heartlessness is awesome. This is like you thinking you know all of the details when you clearly don't.

                  • gruez 13 hours ago

                    > I want to be able to lock the devices. I don't want apple to do anything. It's a shit situation. It doesn't mean that I don't still want something that can't be done.

                    So to confirm, you don't want Apple to remote lock phones after a theft, and you can already lock phones before a theft. What's missing? Do you want them to put a placard in every iPhone box reminding small business owners to lock their phones with MDM?

                    >You're also victim blaming here, and it's definitely not helpful or even appreciated.

                    You playing the "victim blaming" card to dismiss arguments isn't appreciated either. It's not "victim blaming" to point out that, contrary to what you claim, Apple provides ways to lock phones and that they're not particularly onerous.

        • hopelite 16 hours ago

          I’m not sure of the whole dynamic of the stolen phone black market, but if iPhones are still stolen, it seems iCloud lock does not sufficiently deter the practice.

          • gruez 15 hours ago

            Right, because they're broken down for parts, but there's only so much you can do. For one, every time Apple tries to do something to lock down parts, right to repair people decry it as some sort of trojan horse to shut down third party repairs. Moreover even with parts serialization, there's only so much you can do. There's no inherent way for a bag of electrolytes to identify itself to a phone. The best you can do is add a chip to it and identify using that, but you can't prevent that chip from being transferred.

            • commandersaki 9 hours ago

              In recent versions of iOS it now shows repair history of a phone and if a part is genuine or not. That places a new tier in the market of parts for those with legitimate provenance, as customers of repair shops will now know what they're getting.

            • bigyabai 14 hours ago

              Apple can do parts lockdown while also allowing users to service their phone safely with third-party components. The Right to Repair crowd gets angry not because of parts serialization, but because Apple uses it as an excuse to stop you from fixing your phone and reinforce monopoly control.

              • labcomputer 10 hours ago

                How do you distinguish between a legitimate third party component and a stolen one with the serial number wiped?

                • bigyabai 10 hours ago

                  Stronger first-party DRM?

          • stavros 10 hours ago

            Phones aren't stolen for the phone, they're stolen because carriers enable the theft. There's a reason why thieves now cycle around on e-bikes and grab the phone from your hand, and the reason is premium rate phone numbers and shortcodes. They want the phone unlocked because they start texting as many SMS shortcodes (that they control) as they can, siphoning thousands of dollars worth of purchases off you.

            If you make the mistake of not notifying the carrier immediately, which you won't think to do because everyone thinks the phone was stolen for the phone itself, you're on the hook for the charges.

            Carriers know that no legitimate users use (or even know of) shortcodes, yet they have them enabled by default on all plans, exactly because they take a cut from this theft and they can turn a blind eye to it by pretending the charges are consensual.

        • udev4096 13 hours ago

          Why is iCloud lock such a casual, non-concerning topic? It just shows you don't own your over priced iCrap because iClown can remotely brick it at any point

          • gruez 8 hours ago

            For most people that's an acceptable trade-off. The alternative is some sort of self custody (and bricking it if you lost your keys), or no anti theft protection at all.

      • throwaway48476 14 hours ago

        You cant solve thefts with just technology. You need to lock up the criminals.

    • throwaway48476 14 hours ago

      Apple isn't even trying to secure the iPhone. They could have rewritten the imessage parsers in a memory safe language. It would at least take a big byte out of the zero click exploits.

      • commandersaki 9 hours ago

        They've been using Swift for targeted code rewrites; wouldn't be surprised if those parsers will or have been rewritten already.

        • superdisk 4 hours ago

          Swift is a ridiculously far cry from a memory safe language.

  • pas 6 hours ago

    they have a bug bounty program, they do pay, they have the SDR program, etc.

    does this show conviction or is it just basic prevention of brand damage?

    could they do more? of course.

    can any company stand up to Trump? unlikely.

  • udev4096 13 hours ago

    It's been there from the beginning. Apple is very good at deceptive marketing, from promising false privacy protections and impossible to repair to lying about being eco friendly. Apple users are extremely naive, stupid and love to live in denial of Apple's wrongful and outright manipulative actions.

    If you are a high target or require better privacy & security, GrapheneOS is the best option which delivers on everything it promises

mikeiz404 10 hours ago

- The IOC is a cleared shutdown log.

- The update now clears the shutdown log each boot.

> This led to the conclusion that a cleared shutdown.log could serve as a good heuristic for identifying suspicious devices.

> With iOS 26 Apple introduced a change—either an intentional design decision or an unforeseen bug—that causes the shutdown.log to be overwritten on every device reboot instead of appended with a new entry every time, preserving each as its own snapshot. This means that any user who updates to iOS 26 and subsequently restarts their device will inadvertently erase all evidence of older Pegasus and Predator detections that might have been present in their shutdown.log.

saagarjha 21 hours ago

I guess at scale every minor fix is a spacebar heater for someone else. I assume Apple is probably going to bring this back to pacify the iVerify people but long term they are going to keep making these changes and mercenary spyware is going to learn how to hide itself better. I really think it’s time to start thinking about strategies that go beyond forensic artifacts…

  • isodev 18 hours ago

    > I assume Apple is probably going to bring this back to pacify

    Pegasus and Predator were VERY widely publicised exploits in iOS, I find it shortsighted for Apple not to have control over how these get identified in the first place.

    It's also frustrating that the entire "your iPhone is safe and private" assumption is a black box and we only have Fruitcorp's assurances that they're doing the right thing. So imagine, people finding all kinds of bugs on iOS26 ... how is one to believe these bugs and glitches don't extend into security features as well?

    • saagarjha 18 hours ago

      Obviously they do, hence the market for exploits. I'm not sure what you are suggesting they do differently, though.

      • isodev 17 hours ago

        The opposite of what the blogpost informs us they did? Provide more tools and systems to discover and diagnose vulnerabilities, make components open source/open audit, etc. There is no perfect system, but a closed imperfect system is worse.

        • saagarjha 16 hours ago

          I agree but the blog post is completely orthogonal to that

darkamaul a day ago

I’d assume that erasing the shutdown log is also a security measure from Apple, attackers could use it to better understand crash conditions or device behavior.

That said, if we take Apple’s stance on privacy seriously, users should also have deep inspection capabilities on their own devices. After all, they’re supposed to own them.

  • throwaway290 14 hours ago

    An attacker during research would root the device anyways and find any crash conditions even better than shutdown.log. 99.999% users will not root. So this targets users.

  • charcircuit 21 hours ago

    >After all, they’re supposed to own them.

    Just because you own a device, that doesn't mean the manufacturer is obligated to add features you want.

    • user2722 21 hours ago

      I think he/she was being ironic. You either own it or Apple owns it.

      Since there is no sideload and the cryptographic keys belong to Apple, then the device belongs effectively to Apple and you just rent it for a fixed fee.

      You can't both own it and not own it depending on the situation, thus exposing Apple's hypocrisy as a well-intended parentified gatekeeper just protecting the users/childified adult users.

      • brookst 15 hours ago

        > I think he/she was being ironic. You either own it or Apple owns it.

        That’s really reductive thinking. I guess the idea is to blur all the different connotations of “own” into one thing and assert they are all the same?

        I “own” a car, but am not allowed to drive it in some situations (if I’m drunk, on the wrong side of the freeway, …). Does that mean the state actually owns it?

        Disregarding context in favor of reductive binaries is the #1 sign of zealotry. You see it everywhere: either a movie is original or it’s not, so Avatar is / isn’t (pick one) because it follows familiar tropes / innovated in visual arts (pick one).

        The world is actually contextual. The moment you throw that out, no meaningful statement can be made.

        • treyd 14 hours ago

          > Does that mean the state actually owns it?

          By registering the car and obtaining a license you are agreeing to obey the rules set out by the state in exchange for permission to use the roadways.

          To steelman the argument, you could argue that by using an iDevice you are using Apple's services and agree to follow the rules set out by them. But there is no such possible way to use an iDevice without relying on Apple's services.

          With a car you can have it delivered and only use it off public roads on your own property. That would be a lot less useful, but it is something people do sometimes, such as with vintage/museum cars, race cars, construction/farm/mining vehicles, etc.

          It's always your vehicle. The issue is the roads not the vehicle. But with an iDevice, even if it's legally "your phone", it's been designed to be impossible to do whatever you want with it within the bounds of the law, which weakens the traditional notion of what it means to "own" something (ie "right of disposal").

          Again to steelman it, the retort is "Apple has the right to manufacture devices in alignment with protecting their business model, if you don't like it then buy other devices". Which is fine normally, except that the only other major similar device manufacturer is starting to do similar kinds of things and our society increasingly depends on the assumption everyone has a phone.

          So what's increasingly becoming the scenario is that you have a choice: either allow your rights over your own property be infringed, or allow your ability to participate in society be infringed.

          • smikhanov 10 hours ago

            > But there is no such possible way to use an iDevice without relying on Apple's services.

            There is. One can go through the iPhone setup wizard and opt out of everything. You don’t need to have any accounts, neither iCloud nor App Store one, or to be logged on to any Apple services to use your phone.

            Someone who knows more about iOS than both you and me could comment further on whether subtle things like aGPS would continue to function as expected, but everything you specifically thought of when you wrote “to use an iDevice” would work.

            • treyd 5 hours ago

              It's still constantly phoning home for things like OS updates.

              And that's not even the main issue, you're still unable to decide what software you're running on it, so Apple controls what you're able to do on it even if you opt out if all of that.

        • leni536 15 hours ago

          > I “own” a car, but am not allowed to drive it in some situations (if I’m drunk, on the wrong side of the freeway, …). Does that mean the state actually owns it?

          No, it means that the state owns the freeway.

          • voakbasda 14 hours ago

            It means the state owns you.

      • charcircuit 21 hours ago

        Goods for the mass consumer all work like this. The manufacturer creates a product and consumers buy it if those features provide them value. If a device doesn't have a feature such as online diagnostics they are free to buy a different product instead. If people really want to add their own features they are free to modify the device. It's more economical to just buy another device which is why you don't see people replacing the parts needed to develop your own software on an iPhone. Easy user modification of the OS is not a feature of iPhone and if added could hurt the quality of the product.

        Another way to think of this is imagine if Apple burned the OS into a ROM chip. That doesn't make them the owner of the device because the user can't write to the ROM chip. By that logic no one would own the device because no one can update it, but that can't really be true.

        • kace91 20 hours ago

          I think a difference is that apple has the means to change the behavior of the device after the fact in ways that the person that purchased the product doesn’t.

          This is unique to modern technology, and the fact that they sell you the house keeping sole ownership of the keys to certain rooms is indeed worth examining I think.

        • cbarrick 16 hours ago

          > If people really want to add their own features they are free to modify the device.

          Except that they are not actually given that freedom.

          The entire notion of free software is that users should be free to modify the software stacks of their devices.

          Very few consumer devices are free in that sense. You can't run a custom OS on an iPhone.

          • brookst 15 hours ago

            Free software is a value prop, not a law. And it is counter to the value prop that one entity is entirely responsible for all of the software (even if Apple doesn’t write every line of code, they are responsible for every bit that ships).

            Not everyone cares about the bits. It’s true that the vast majority of consumers prefer having a single supplier to having freedom to run their own bits.

          • charcircuit an hour ago

            >You can't run a custom OS on an iPhone.

            Sure you can, you just need to replace the components that don't let you with ones that allow your custom OS.

  • sim7c00 21 hours ago

    what privs u need to read shutdown log vs what privs u need to see running programs?

    apple always trying to hide things and lock people more out of how the device works. they use privacy as an excuse and even sue and jail ppl who try to look at things properly.

    • frontfor 21 hours ago

      When did Apple “sue and jail ppl” for “try to look at things properly”? I’m pretty sure Apple isn’t legally allowed to jail people.

transpute a day ago

This change was not present in iOS26 betas, hopefully Apple will fix soon, https://www.youtube.com/watch?v=PHijS6jLPxI&t=304s

> If you care about your iOS device security.. reboot every day.. writes a list of running processes to this shutdown.log file.. If you have processes that shouldn't be running, they will get written to this shutdown.log file.. allows you to go back in time and check for IOCs.
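The triage that mikeiz404's summary of the article and the quoted video describe (a list of processes still running at shutdown, appended per boot before iOS 26, and a cleared log as a heuristic), as an added example that is not part of this thread, of the iVerify post or of any forensic tool. It assumes the line shapes that MVT's shutdown_log parser reads ("After N seconds, there were still M clients remaining:" headers followed by "remaining client pid: N (path)" lines); the sample logs and the IOC path prefixes are constructed for illustration and are not published Pegasus or Predator indicators.

```python
"""Triage of an iOS shutdown.log.

Added example, not code from the iVerify post or from any forensic tool.
Assumed line format (what MVT's shutdown_log parser reads):
    After N seconds, there were still M clients remaining:
    remaining client pid: <pid> (<path>)
Real logs also carry SIGTERM/timestamp lines, which this example ignores.
"""
import re

HEADER_RE = re.compile(r"^After \d+ seconds?, there were still \d+ clients? remaining:")
CLIENT_RE = re.compile(r"remaining client pid:\s*(\d+)\s*\((.+?)\)\s*$")

# Constructed placeholder IOC prefixes for illustration only; they are not
# real indicators. Legitimate shutdown clients live under /usr, /System, etc.
IOC_PATH_PREFIXES = ("/private/var/tmp/.", "/private/var/db/.")

CLEARED_LOG_FINDING = "cleared shutdown.log (pre-iOS 26: suspicious)"


def parse_shutdown_log(text):
    """Return one list of (pid, path) per shutdown snapshot; [] for a cleared log."""
    snapshots = []
    for raw in text.splitlines():
        line = raw.strip()
        if HEADER_RE.match(line):
            snapshots.append([])
            continue
        m = CLIENT_RE.search(line)
        if m:
            if not snapshots:  # tolerate a log that lacks a header line
                snapshots.append([])
            snapshots[-1].append((int(m.group(1)), m.group(2)))
    return snapshots


def triage(text, ios_major):
    """Apply the two heuristics the thread discusses and return findings."""
    findings = []
    snapshots = parse_shutdown_log(text)
    # Heuristic 1: a cleared log. On iOS < 26 the log is append-only, so an
    # empty file means something removed it. On iOS 26 the log is rewritten
    # on every boot, so emptiness carries no signal and the check is skipped.
    if ios_major < 26 and not snapshots:
        findings.append(CLEARED_LOG_FINDING)
    # Heuristic 2: a known-bad path among the processes still alive at shutdown.
    for index, clients in enumerate(snapshots):
        for pid, path in clients:
            if path.startswith(IOC_PATH_PREFIXES):
                findings.append(f"snapshot {index}: pid {pid} {path}")
    return findings


def log_after_reboot(old_log, new_snapshot, ios_major):
    """Model the post's claim: iOS < 26 appends a snapshot, iOS 26 overwrites."""
    return old_log + new_snapshot if ios_major < 26 else new_snapshot


# Constructed sample data, not output from a real device.
OLD_LOG = (
    "After 4 seconds, there were still 2 clients remaining:\n"
    "remaining client pid: 41 (/usr/libexec/demo_daemon)\n"
    "remaining client pid: 913 (/private/var/tmp/.rogue/agent)\n"
)
NEW_BOOT = (
    "After 2 seconds, there were still 1 clients remaining:\n"
    "remaining client pid: 44 (/usr/libexec/demo_daemon)\n"
)


def evidence_survives_reboot(ios_major):
    """True if the IOC recorded in OLD_LOG is still found after one more reboot."""
    merged = log_after_reboot(OLD_LOG, NEW_BOOT, ios_major)
    return any("/private/var/tmp/.rogue/agent" in f for f in triage(merged, ios_major))


if __name__ == "__main__":
    for major in (18, 26):
        print(f"iOS {major}: evidence survives reboot = {evidence_survives_reboot(major)}")
```

On a real log the SIGTERM/timestamp lines (skipped here) are what date each snapshot, so a practitioner would keep them to say when a suspicious client was last seen; the structural point this models is the one the thread makes, that under the iOS 26 behaviour the same infected snapshot disappears after a single clean reboot.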

darkoob12 a day ago

I always suspected someone inside Apple is making sure that these phones stay vulnerable for Israeli hackers or they don't really fix their bugs.

  • notepad0x90 a day ago

    it's possible, but iPhones are Apple's flagship product. it would be disastrous for them. i don't think any government contract is worth the cost. They're not Google or Microsoft, they're not that big in the enterprise side of things.

    I'm sure if such a relationship became public, most Americans will forget about it in a few weeks' time and half will be surprised what the big deal is. But Apple will lose out on Asia and Europe where it has solid competition. Their hardware is their bread-and-butter.

    It is more plausible for the US government to have planted or extorted an asset working as a developer at apple than apple itself making such a monumentally foolish decision.

    Google and Microsoft on the other hand, that I am fairly certain of.

    But... i digress a bit, only because Tim Cook was kissing the proverbial king's ring a lot lately. donations are one thing, giving gold gifts in person and on national tv is another.

    • sschueller a day ago

      Tim Cook gifted Trump a gold base with a glass plate on it like some peasant to a king in front of cameras. Apple will bend over backwards to please governments so don't be surprised when it turns out not everything is as secure as claimed in their walled garden.

      • throwaway48476 14 hours ago

        Aren't gifts to the president kept by the government? In the US usually bribery is done by giving jobs to relatives or favorable contracts.

        • mrbombastic 13 hours ago

          Bribery can be done in a myriad of ways but the gift itself is not the valuable thing, it is the display of fealty.

          • throwaway48476 an hour ago

            The point of a bribe is to receive something in exchange for something else.

      • nl a day ago

        I'm not a particular fan of Apple but the gold thing seemed like a good, cheap way to get on Trump's good side, which led to them somehow magically avoiding tariffs.

        I don't think I'd read more into it than that.

        • pprotas a day ago

          Yes, that is exactly the problem. No need to read more into it.

        • jlarocco 16 hours ago

          Yeah, that's always how bribery works.

          From Wikipedia: "Bribery is the corrupt solicitation, payment, or acceptance of a private favor (a bribe) in exchange for official action."

          • VogonPoetry 3 hours ago

            I view it more as a ransom / hostage payment or a response to bullying. There was a threat of tariffs; I'm going to hold your business hostage. The ransom was paid and the tariffs weren't imposed.

            I think a bribe is better defined as "you cannot have this thing you want, unless you give me this". A quid pro quo.

            I guess it comes down to who the "active" party was.

            I would definitely call it a bribe if Tim Cook was the one that asked to get special treatment or lower Tariffs than anyone else and the response was give me a "gift".

            Even if you believe it was a bribe, the value of it was purely symbolic. What was given wasn't a change in policy, it was a material gift of zero value to anyone else except for scrap. Others that have been subjected to this behavior have given up things like changes in hiring practices and working with "non favored" organizations.

          • brookst 15 hours ago

            Yes, everyone knows. It was transparently a bribe.

            But let’s not motte bailey that into proof that Apple intentionally ships backdoors.

        • zimpenfish 21 hours ago

          > the gold thing seemed like a good, cheap way to get on Trump's good side

          Which, whilst morally repugnant, does make business sense - if Apple got hit by tariffs or other penalties, you can be sure the Carl Icahn style leeches would be popping out of the woodwork complaining that Tim Cook was ruining Apple / the share price / etc. and trying to orchestrate shareholder and/or board revolts.

          (And Good Lord, imagine the threads on here if Apple's value dropped just because Tim Cook didn't give a hideous piece of tat to Trump.)

    • demarq 21 hours ago

      It wouldn’t be a disaster, Apple already donates to the IDF. They literally have IDF among their staff.

      How is none of this public knowledge

      • vlovich123 19 hours ago

        Active serving IDF are also employed by Apple? I know there’s a lot of ex-IDF people in Silicon Valley but since the IDF is mandatory all it means is ex-Israeli people. They could still be secretly working for the Mossad but that’s generally something you can claim true of all foreign nationals - they’re also possibly just normal people with talent and experience.

        • demarq 19 hours ago

          I’d like to clarify with a couple of questions.

          - Are you saying that you believe Apple is picking someone who is a real whiz with CSS, but because of the country's laws they had to serve with the IDF?

          - Are you saying the formality of having to be a former of your previous employer, as part of taking on new employment is to be unexpected in any way?

          • vlovich123 18 hours ago

            I really don’t understand the questions and they belie an ignorance of things or are intentionally provocative (and not coherent) but I’ll try.

            Firstly, the exploits in play would not be introduced by a “css whiz kid” first of all. Creating holes for rootkits like Pegasus requires deep low level expertise.

            Secondly, AFAIK all the teams that would be involved on working on that are located in Cupertino - so these people had to relocate to the US.

            But yes, I think finding anyone who was a child in Israel and didn’t serve in the IDF is very difficult. This is doubly-so for the tech sector since the IDF is often where they obtain their initial technical education and are serving between 18 and 21.

            Unless you’re blanket just going to disallow recruiting from Israel or hiring people who moved from Israel to the US and might even be US citizens. But then you’re also going to have to explain why you’re applying this policy to Israelis and not Koreans, Singaporeans, Taiwanese, Norwegians, who have similar mandatory service requirements (plenty of countries do).

            I’m not saying that Mossad don’t try to get their own secret agents working long term undercover in these places. But that’s also true of other secret services of enemies and allies alike and I would think they’re less likely to generate exploits intentionally and more likely to gather information and look for exploits by having access to source, documentation, and able to get information from peers. But Israelis having previously worked in the IDF doesn’t really provide any signal to me on the motivations or beliefs of that person.

            • demarq 18 hours ago

              > But Israelis having previously worked in the IDF doesn’t really provide any signal to me on the motivations or beliefs of that person

              You know what, you’re absolutely right. But you’d be wrong if it turns out it’s not the general IDF we’re talking about, and specifically not one all Israelis have to serve. And that Google has all the good stuff.

              But anyway I’m going to let you believe what you believe about a corporation that makes “donations” to a military, and I’m going to believe what I believe.

              • vlovich123 18 hours ago

                Can you elaborate so I can educate myself? Speaking in innuendo isn’t helpful for a discussion like this.

          • LtdJorge 18 hours ago

            Are you saying that Apple should ban hiring Israelis since all of them have to serve in the IDF?

          • op00to 18 hours ago

            Can you try your questions again, but this time coherently?

      • wat10000 17 hours ago

        The Israeli military takes corporate donations?

    • andrewflnr a day ago

      > It is more plausible for the US government to have planted or extorted an asset working as a developer at apple

      This is indeed how I read the comment you replied to.

      • notepad0x90 14 hours ago

        I read it as saying apple's leadership is complicit and cooperating like Google's and Microsoft's have been.

        • andrewflnr 11 hours ago

          The phrase "someone inside Apple" doesn't really connote top leadership. To me at least it resonates more with "insider threat". If they meant it was corporate policy, they would have just said "Apple". And as you said it's rather implausible to start, so I don't know why that would be your first interpretation. :)

    • aucisson_masque a day ago

      > I'm sure if such a relationship became public,most Americans will forget about it in few weeks time and half will be surprised what the big deal is. But apple will lose out on Asia and Europe where it has solid competition. Their hardware is their bread-and-butter.

      Everyone is somewhat aware that their phone are not impermeable to government agencies and it doesn't matter, that's the case for Americans of course because they are well used to it, but also for Europeans.

      If they were to purposely make 'mistake' to allow Israeli spying companies to compromise their phone, it most likely wouldn't change anything.

    • whatevaa 19 hours ago

      It wouldn't be disastrous. Most won't care. A lot of fanatic fans would buy an i-dildo if that was ever a thing and would say that it's the best thing ever.

  • userbinator a day ago

    I hope they're making them stay vulnerable for jailbreakers.

  • flyinglizard a day ago

    It's spectacular how, when Israelis are involved, entire R&D organizations can suddenly become sinister cabals that operate in complete secrecy across ranks.

    /s

    • cedws 14 hours ago

      You only have to have kompromat on one person high up to get the result you want.

nl a day ago

It seems like the authors don't believe this was a deliberate attempt by Apple to hide spyware:

> Consider holding off on updating to iOS 26 until Apple addresses this issue, ideally by releasing a bug fix that prevents the overwriting of the shutdown.log on boot.

  • ectospheno 8 hours ago

    Holding off on an update containing numerous fixes you are far more likely to run into just to keep an IOC for a thing that you never will because you simply aren't that important seems silly.

    • transpute 8 hours ago

      Article written by iVerify for their customers, who pay a monthly fee for automated forensic analysis of iOS logs.

notepad0x90 a day ago

I just wanna say how ridiculous it is that forensics on iPhones is done via backup archives. If Apple at least included a full system memory dump along with the backup that'd be better. If only they allowed system extensions like on macOS that run in EL1+ for security monitoring.

  • axoltl 15 hours ago

    I do vulnerability research. Those things would do the exact opposite of what you're aiming for. They'd be received with glee by mercenary spyware companies, _especially_ being able to load things into higher levels of privilege.

    • notepad0x90 14 hours ago

      that wouldn't be a problem, apple signs extensions. In windows land for example, there are ELAM drivers for security software, they don't just hand them out, you basically have to convince people at Microsoft you're one of the good guys, in person.

      • Too an hour ago

        CrowdStrike showed us how good an idea that was.

      • axoltl 12 hours ago

        It means more surface (both from extensions themselves and the loader code), relaxation of things like KTRR/CTRR (you now need to add executable EL1 pages at runtime), plus the potential for signing keys to leak (Finding enterprise signing keys even for iOS is fairly easy).

        As far as Windows goes, https://www.loldrivers.io is a thing.

        • notepad0x90 11 hours ago

          Yeah, loldrivers are a thing because any signed driver can load, vuln drivers with ELAM .. I don't know of any, I believe they're quite rare.

          You have a good point with attack surface, but Apple has a pretty robust system already for ensuring boot and lock security that doesn't rely on EL0/EL1 security. I'm sure you know more than me about higher ELs like EL3 and secure world code that can take care of all that. I'm pretty sure they don't have to issue new signing keys either; matter of fact, why let even 3rd parties do this? Apple themselves could expose a memory and file system dumping API without involving third parties. That way, they could sanitize away anything they consider sensitive as well. They can also require that the commands be issued over a physical/authorized USB connection.

          Point is, there are very legitimate and critical cases where memory and file system forensics could be critical. From what little chatter I've heard, forensic software today is resorting to exploitation of the devices and those exploits tend to be abused for other reasons too.

      • transpute 12 hours ago

        Trusted high-privilege components, whether first or third party, are targeted for exploitation.

        • notepad0x90 11 hours ago

          Do you know of any reports of macOS system extensions being abused this way? I've heard about Windows drivers, but my impression was Apple is doing this well enough to be a non-issue mostly?

          • transpute 11 hours ago

            e.g. zero day CVE-2024-44243, patched last year, https://www.microsoft.com/en-us/security/blog/2025/01/13/ana...

            • notepad0x90 9 hours ago

              That's a good one. To be clear, I'm not saying vulnerabilities don't or can't exist in system-extensions. I'm just saying that apple can publish and/or sign iphone extensions for a very limited use case like this, or publish an api/system service to do the same thing, if the concern is 3rd parties. The use case here is reading some memory and exposing that to authorized applications. I concede on the system extension part, but apple can still expose the capability without one.

  • CaptainOfCoit 20 hours ago

    > If apple at least included a full system memory dump along with the backup that'd be better

    Wouldn't that make it easier for people to find vulnerabilities and more importantly (for Apple)? Which would allow people to find vulnerabilities for rooting the phone, something Apple really seems hellbent on preventing.

  • commandersaki 9 hours ago

    There was a good talk by an employee of this company iVerify at CCC which had a bit advocating for Apple to expose some EDR-like mechanism on iOS like they do on macOS.

  • hulitu 18 hours ago

    > I just wanna say how ridiculous it is that forensics on iphones is done via backup archives.

    Why would somebody want to disturb in-memory exploits? /s

notmyjob 15 hours ago

I’ve been told repeatedly by high ranking members of the apple support forum to never look at logs. Only schizos and idiots look at the logs they said. Even experienced apple developers don’t look at the logs I was told. This makes me question everything about apple support, especially the “geniuses” that work at the Apple Store.

devJdeed 13 hours ago

Can someone confirm if this update does fix the zero-click exploit from Pegasus ?

  • Retr0id 13 hours ago

    Nobody is in a position to confirm that. You can reasonably assume there are multiple viable 0click vectors at any given time, regardless of patch level.

  • fulafel 13 hours ago

    Terminology nit: An exploit is a technique or automation to take advantage of ("exploit") a vulnerability. So fixing a vulnerability breaks an exploit.

krackers 13 hours ago

>Consider holding off on updating to iOS 26

Wait what? Surely if you're concerned about nation-state spyware, upgrading to the latest version is safer than staying on a vulnerable version.

  • SoKamil 13 hours ago

    Apple still releases security patches to recent versions of iOS, especially critical ones.

t0lo 17 hours ago

Deliberate?

  • bigyabai 14 hours ago

    If it was then HN would never live it down, but let's look at the timeline:

      13 months ago: Apple drops NSO Group lawsuit: https://nquiringminds.com/cybernews/apple-drops-lawsuit-against-nso-group-over-pegasus-spyware-concerns/
    
      2 weeks ago: NSO Group confirms it was bought by US interests: https://techcrunch.com/2025/10/10/spyware-maker-nso-group-confirms-acquisition-by-us-investors/
    
      Now: IOCs for Pegasus and Predator are removed from iOS in an OTA update.

londons_explore a day ago

This is dumb - now that this is known, attackers will make sure that they edit the shutdown.log file to be perfectly byte for byte identical to an uninfected device.

So the log has no value

  • zimpenfish 21 hours ago

    They already did:

    > Researchers have noted instances where devices known to be active had their shutdown.log cleared, alongside other IOCs for Pegasus infections. This led to the conclusion that a cleared shutdown.log could serve as a good heuristic for identifying suspicious devices.

    Which is why the article is pointing out that a cleared `shutdown.log` is no longer an indicator of Pegasus infections (because it now happens every boot.)