So here's the full case Apple vs. Corellium. And IANAL, but besides coming off really hostile, Apple seems to have a rather thin case here. https://www.scribd.com/document/422019022/Apple-v-Corellium …
-
And second, this seems to imply that Corellium aided in exploit development in this specific case - except the exploit used was voucher_swap by @_bazad, published in full more than two and a half months before being used in the unc0ver jailbreak.
And then there's this, which I would call primordial bullshit. - They always have and still do oppose any kind of security research. Maybe not to the point of suing people, but it's very clear their actual concern is PR, not security. pic.twitter.com/xi8meXQ394
- The mentioned positions are merely a week old. Before that, the maximum payout was only a fifth of the quoted sum, the majority of vulnerabilities wouldn't qualify, and you first had to get invited anyway, into a bounty program so secretive even its NDA is under NDA.
- These (NB newly announced) "custom versions" of the iPhone aren't even gonna be available until 2020, and the phrase "legitimate security researchers" strongly implies it will not be available to the general public, but only those favored by Apple.
- The security-wise most important parts of iOS (boot chain & SEP) are encrypted in such a way that only those who have hacked these parts already can decrypt and analyze their firmware, and Apple provides no way of what they call "legitimately" gaining access to those.
Before iOS 10, this was even the case for ALL parts of iOS. And they continue to do this despite the fact that people who hacked these components have been publishing keys for them for as long as they have existed. aPple STrongly SuPPOrTS gooD-fAiTh SeCUrITY rESeArCh. Yea rite.
-
You don’t expect that lawyers can differentiate between exploit, vulnerability and jailbreak, do you?
-
I expect lawyers to be experts in precise language. So yeah, I sorta do.
-
Apple’s expectations for the lawyers they will work with seem to be worse than the person shown in that screenshot: https://twitter.com/iBSparkes/status/1160885954921603073?s=20 …
-
I would say that u0 is an exploit. It fits the definition of "a software tool designed to take advantage of a flaw in a computer system, typically for malicious purposes such as installing malware" even if it utilizes exploits developed by others. Still a fucking bogus suit tho
-
Except it’s not.
-
It has an exploit in its code, it in itself is not an ‘exploit’.
-
I agree that it doesn't satisfy what most of us in the community would call an exploit. I'm just saying that it does fit the definition for a lay person.
-
It’s not so much an exploit, as it is a means to exploit. I can understand Apple’s pissed at Corellium for offering a service to devs that they hadn’t thought of yet, emulation. Isn’t this the way things go with Apple? Next WWDC they’ll announce the same thing.
-
I was going to comment, do you think it’s a coincidence they file the suit almost immediately after announcing the larger bug bounty program and the custom security research phones, but you noticed it too.
-
Yea probably so they can have a “stronger” argument for their case.