

Ask HN: How can Apple safely upgrade an OS when the update app itself is broken? - eik3_de

Will Apple send USB flash drives to all customers?
======
brudgers
Better question: how can Apple trust anything if they relied on a compromised
version of OSX during development?

In a worst-case exploitation of the vulnerability, backdoors could be
sprinkled anywhere on any OSX machine including binaries on development
machines or those used to administer servers. Short of bringing in a unicorn
to sniff out virgins, they can only assume that everything connected to the
internet has been fucked.

For exploits embedded in the source code, rebuilding doesn't eliminate
anything. If there are others - and why wouldn't a sophisticated attacker
plant more than one? - then the best option is a code audit and wishfully hoping
that it found everything.

How fucked could Apple be? With SSL broken, why wouldn't an attacker do such
things to create a robust exploit?

Suppose Apple looked at the commit history for the problematic file and the
change to the source code doesn't show up...compromising a machine that
controls version control software would allow that. If I were running an NSA
op or were a cyber-criminal, that's the sort of thing I would do once I
thought of it. Well actually I would hire some Fairfax County contractor to do
it in the case of the NSA - someone like Snowden.

------
Hengjie
They probably sign their updates with a private key.

~~~
meowface
They do, but the very bug they're trying to patch is a flaw in the signature
verification function. Meaning any bogus signature will pass the check.

