I’m skeptical for now. I have seen NO security bulletins about this through the years and it is too elaborate of a bombshell tale to have been kept perfectly under wraps for all of this time.
Not impossible but I am skeptical.
I’ll listen for it A good clue will be to see which politicians pick up on this and use this to justify actions. Supply-chain hardware infiltration has been a strong worry for decades now – 1980s kids hacking movies used it as a plot point a bunch of times with Atari 2600 cartridges having secret Russian chips inside (a good kids movie with Gene Hackman as a bad guy comes to mind) – so a shock at this scale and magnitude to come out all at once in a bombshell with no prior warning is a bit much for me to swallow easily just yet.
But I’ll watch.
I say this because the computer security community is VERY VERY open and shares EVERYTHING the moment wind breaks.
If a server is compromised at Apple, even with non-disclosure agreements, a security engineer will get the word out to the greater security community IMMEDIATELY.
It’s part of their culture.
I cannot envision multiple large companies knowing about a severe flaw of this magnitude and keeping the security engineers hush