
Apple operating systems automatically apply patches to devices for critical security updates so long as those patches are signed by a cryptographic private key held by Apple. That is in fact an RCE system that already exists.

There also exist humans that have access to those private keys, and those humans can be controlled by money, court orders, or violence.

In China the CCP has control over the software signing keys, so they can push any software to any Apple device they like.

How long before US politicians start demanding the same?

Or maybe they just make a security mistake. Maybe a state actor performs a side channel attack on the known vulnerable Apple Silicon that powers their HSMs.

SPOFs always tend to fail.



> In China the CCP has control over the software signing keys, so they can push any software to any Apple device they like.

I've never heard about China having special iOS releases signed by different keys. Fairly sure all devices across the world get the same exact OS builds, but would be curious to read more about this if you have any sources?


You cannot really use that as an argument. Everyone does that, so it does not make Apple "worse".

The same applies to almost every Linux distribution, since their builds are not reproducible.

It is just a matter of who you want to trust. Eventually you need to trust someone.


Not everyone does this.

My core area of research is supply chain attacks, and I run a company where we regularly train high risk organizations how to remove trust from any single human or system in critical areas of their stack like key management, CI/CD, etc. Many of our clients are fintech companies where trusting a single person, even a system administrator, would seriously endanger them.

Meanwhile Apple sysadmins still manage most of their infra with centrally controlled Puppet nodes last I heard.

Speaking of Linux distros, I created a 100% reproducible and full-source-bootstrapped Linux distro where every package is signed and reproduced by multiple people to avoid having to trust any single human, including me.

https://codeberg.org/stagex/stagex

Guix comes close to this mark too, so we are hardly the only viable option in town.

There are always alternatives to centralizing trust and you do not need to have an Apple-sized budget to afford them.
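
Added example, not part of the comment above and not StageX's or Guix's own code: a sketch of the acceptance rule that "signed and reproduced by multiple people" implies, where an artifact is accepted only when a threshold of distinct trusted builders signed the same digest. The builder names, keys and threshold are constructed, and HMAC-SHA256 stands in for the asymmetric signatures a real distribution would use.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed demo identities. HMAC-SHA256 is a stand-in for real
# asymmetric signatures (assumption made so the example runs offline).
TRUSTED_BUILDERS = {
    "alice": b"alice-demo-key",
    "bob": b"bob-demo-key",
    "carol": b"carol-demo-key",
}

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def sign(key, package, digest):
    """Stand-in signature binding a package name to one artifact digest."""
    return hmac.new(key, f"{package}\n{digest}".encode(), hashlib.sha256).hexdigest()

def evaluate(package, artifact, attestations, threshold=2):
    """Accept only if >= threshold distinct trusted builders validly signed
    this exact digest and no trusted builder signed a different one."""
    actual = sha256_hex(artifact)
    signers = defaultdict(set)  # digest -> trusted builders with a valid signature
    for builder, digest, sig in attestations:
        key = TRUSTED_BUILDERS.get(builder)
        if key is None:
            continue  # unknown identity: never counted toward the quorum
        if hmac.compare_digest(sign(key, package, digest), sig):
            signers[digest].add(builder)  # a set, so repeats count once
    dissent = sorted({b for d, bs in signers.items() if d != actual for b in bs})
    if dissent:
        return ("reject", f"trusted builders attest a different digest: {dissent}")
    if len(signers[actual]) < threshold:
        return ("reject", f"{len(signers[actual])} of {threshold} required reproductions")
    return ("accept", sorted(signers[actual]))

if __name__ == "__main__":
    pkg, artifact = "demo-pkg", b"constructed package bytes"
    good = sha256_hex(artifact)
    atts = [(b, good, sign(TRUSTED_BUILDERS[b], pkg, good)) for b in ("alice", "bob")]
    print(evaluate(pkg, artifact, atts))              # quorum met
    print(evaluate(pkg, artifact, atts[:1] * 2))      # one builder repeated
    print(evaluate(pkg, b"tampered bytes", atts))     # digest mismatch
```

A disagreement between trusted builders is treated as a hard failure rather than a vote, since a build that does not reproduce is exactly the signal this scheme exists to surface.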


> Eventually you need to trust someone.

There are plenty of things I use but don't trust.


So you have zero evidence that (a) Apple has deliberately put backdoors or that (b) CCP has access to iOS source code.



