Comment by MrDOS
4 days ago
I wish I had a better sense of how these zero-click vulnerabilities work so I could get a sense of how to protect myself from them (you know, without giving in to Liquid Glass). Can they be blocked by an ad blocker? Are they blocked by any extant ad blockers? What about “Lockdown Mode”?
Note that this is 1-click.
0-click example: receive an MMS with a malformed image that exploits a bug in decoding
"0-click example: receive an MMS with a malformed image that exploits a bug in decoding ..."
Consider a SMS firewall that:
- flattens text to ascii-256
- recompresses, noises and slightly resizes images and video
... and only then passes the message onto your real (SIM card) phone number.
This, of course, requires that you host your phone number somewhere like Twilio which has other added benefits like additional protection from SIM-jacking and being invulnerable to theft or loss of your handset, etc.
Recommended.
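An added sketch of the text-flattening step of the firewall described in the comment above (not part of the original comment; the image and video recompression step is not shown). It assumes "ascii-256" means a single-byte Latin-1 repertoire; `flatten_text`, `MAX_LEN` and the sample messages are hypothetical names and constructed inputs.

```python
import unicodedata

MAX_LEN = 1600  # assumed per-message cap for this sketch, not a value from the thread

def flatten_text(body, max_len=MAX_LEN):
    """Return (clean_text, dropped); dropped counts what was removed, by reason."""
    dropped = {"control_or_format": 0, "combining_mark": 0,
               "non_latin1": 0, "truncated": 0}
    out = []
    # NFKC folds compatibility forms (fullwidth letters, ligatures, NBSP)
    # into their plain equivalents before anything is filtered.
    for ch in unicodedata.normalize("NFKC", body):
        cat = unicodedata.category(ch)
        if ch == "\n":
            out.append(ch)                      # keep line breaks
        elif ch == "\t":
            out.append(" ")                     # tabs become spaces
        elif cat[0] == "C":
            dropped["control_or_format"] += 1   # NUL, bidi overrides, zero-width
        elif cat[0] == "M":
            dropped["combining_mark"] += 1      # stacked marks left after NFKC
        elif ord(ch) > 0xFF:
            dropped["non_latin1"] += 1          # outside the 8-bit repertoire
            out.append("?")
        else:
            out.append(ch)
    if len(out) > max_len:
        dropped["truncated"] = len(out) - max_len
        out = out[:max_len]
    return "".join(out), dropped

# Constructed sample messages (not real traffic).
SAMPLES = [
    "\uff28\uff45\uff4c\uff4c\uff4f",       # fullwidth "Hello"
    "pay\u202eload\u200b \U0001F600",       # bidi override, zero-width space, emoji
    "caf\u00e9\x00\x07",                    # Latin-1 text with NUL and BEL appended
]

if __name__ == "__main__":
    for raw in SAMPLES:
        clean, dropped = flatten_text(raw)
        # Non-zero counts are worth logging: they show what a sender tried to deliver.
        print(repr(clean), {k: v for k, v in dropped.items() if v})
```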
If this firewall is available as a commercial product, eventually it will be infected, so there won't be any need to hack any client devices. Since this is clearly a niche product, the device manufacturer won't be able to identify and fix bugs as effectively as companies like Apple do. This follows ROSKOMNADZOR recommendations: to install a middleware device that decrypts, stores, modifies, blocks and redirects all traffic depending on rules submitted from an external party.
This is a great flex, and appreciated.
It's a watering hole attack. At any point your iPhone sends an HTTP request to a compromised site, by ad, link, embedded, etc., your device will be exploited. There really isn't a way to permanently defeat this. We are about to see an explosion of novel attack types utilizing this exploit as their basis; you realistically cannot defend yourself against these without either updating or no longer using an iPhone.
> At any point your iPhone sends an HTTP request to a compromised site, by ad, link, embedded, etc., your device will be exploited.
Would it help to disable Javascript on untrusted sites via Brave?
What are you talking about?
Why are we about to see an explosion?
My understanding is ad blockers only stop one class. Lockdown Mode is supposedly a major upgrade given all the underlying processes it blocks / slows.