"Hopefully those cops can track down the crooks charging $1,500 for a phone."
I don't think they have to search far once they are on the Apple police portal to find those crooks.
This was the week of ice cold exploits, re-appearing JavaScript nasties, and of course Patch Tuesday. A few other things happened too… Android gets its monthly patch-up Microsoft and Adobe weren't the only ones to kick out monthly updates recently. Google also issued the September update for Android. This month, fixes …
(The comment above was in response to OP)
Nonetheless, I look at this as a positive first step as I've discovered when you invent activation locks, ICloud login phishing is the answer for resetting stolen handsets.
You need to know your victim first, send an exploit or whatever, then steal the handset.
Look how it just became at least three times more difficult than just nabbing a phone carelessly left in a pocket inside a purse?
Armed with those keys, an attacker could then decode sensitive information such as passwords that would allow them to take over Intel Management Engine (ME) firmware controls in PCs and servers.
Fuck you, Intel.
That's what we get for allowing a black box sitting on the processor "Intel vPro/AMT/ME/whatever".
Most times (if we're talking business-class laptops/desktops here), you can update the firmware independently from the BIOS/UEFI firmware. The ME firmware sits on a separate region of the flash.
But Intel doesn't seem to be releasing the firmware on its websites ... they only have a flasher, and the firmware comes from OEM. Damn, wly the hell?
At least, if you're comfortable soldering chips, you can try me_cleaner or somthing.
Edit: https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html
This site seems to provide separate F/W packages for all versions of MEI.
However, what if there are remotely exploitable zero-days? (I think that there ARE ones in the wild, which may be why the US Gov't. asked for HAP support on Skylake MEI and above)
I used to be 2M (Micro-Miniature) certified by when all the crap in my spinal cord went to shit, that went out the window. I've been closely following the IME/AMT issue since the beginning and me-cleaner isn't an option, the wrong CPU-familes here. No, I just keep the Intel-CPU machines energy-gapped which sort of works as they are used for pure computing grunt. Machine learning, all sorts of modeling as well as pretty much any form of computer-aided engineering you could think of, even a couple you probably wouldn't. It's still so damned annoying that I have to pull datasets and then cryptographically/safely transport them across systems.
I'm certainly not buying Intel ever again and have been a solid loyalist for a quarter century. Just "what" I get in the future is an open question as they are stuffing this shit into every decent CPU around, not that I have a large budget anymore. Even OpenRISC looks to be joining that now.
{Frustrated-Shrug}