Skip to main content

Apple Aren't Patching?

An article in Arstechnica highlights how slow Apple can be when patching security flaws.

Although Apple didn't make a big deal about it, one of the security fixes included in the recent iPhone/iPod touch 2.0 firmware is a fix for a fairly high-profile WebKit bug that was used to hack a MacBook Air back in March. People immediately began asking why the bug took so long to fix on the iPhone. Now, the researcher who discovered it, Charlie Miller, has called Apple out over its iPhone patching practices in a recent Computerworld piece, saying that the company "messed up."

When the bug was originally disclosed to Apple, the company asked Miller if Mobile Safari was also affected, and he suggested that it probably was. Unfortunately, he wasn't able to confirm his assertion at the time, and left it up to Apple (which had all of the details) to test the exploit on the iPhone itself. It turned out that the exploit code needed to be tweaked slightly to do anything malicious on an iPhone, but Apple apparently closed the case after the OS X exploit failed to do anything nasty.

Further research revealed that if the actual JavaScript regular expression exploit code was run, bad things would still happen. Apple seemed to have corrected the bug pretty quickly after that. However, the mere fact that it took Apple so long to patch an iPhone WebKit bug has brought up the question: how well will Apple be able to manage two OS versions? Miller has pointed out that most WebKit bugs found on OS X will also occur on the iPhone and iPod touch, so Apple could theoretically patch both at the same time. Whether that will ever actually happen remains to be seen.

Comments

Popular posts from this blog

Everyone Should Watch Tim Cook’s 2017 MIT Commencement Address

On June 9th 2017, Apple’s CEO Tim Cook took to the stage at MIT and addressed this years graduating class. Throughout the speech you can hear echoes to the address the late Steve Jobs gave to the Stanford class of 2005 but make no mistake this feels like it’s personal and coming from the heart and to me it was brilliant. I cannot recommend it enough. If you decide you don’t have time to listen then just take away this one line:

Measure your impact on humanity not in the likes, but the lives you touch; not in popularity, but in the people you serve. - Tim Cook 2017


Tim strikes the perfect balance between hope, caution and responsibility. Your role in this world is to find how you can best serve humanity. Don’t let the negative voices, no matter where they come from, divert you from doing what you believe to be right and don’t let yourself become one of those voices. Sticking to your values and making the world better for everyone is not easy and is not going to be easy. Embrace the ch…

iOS 8.4 Is Here!

iOS8.4 is here and available to download so head over and grab it from Software Update.

A Little Time Travel Thought Experiment

During the Back to the Future (BTTF) anniversary celebrations there was a lot of talk about how accurately they represented time travel. The consensus seemed to be that travelling back and appearing at the same physical location but in a different time was how time travel would likely work. This is where I got thinking. The universe is an ever moving beast. Nothing sits still and this leads to some pretty big problems. To start with the Earth rotates on its axis every ~24 hours, so our traveller would need to arrive at approximately the same time of day in the past. He’s worked out time travel so that’s not going to be hard to do. Next, the Earth orbits the sun every ~365.25 days. This one is a little more of a problem. If our traveller is in the heat of June and has decided to travel back because he wants to see an Xmas in the past he’s got a problem. The Earth will be on the other side of the Sun. So Marty needs to travel back to roughly the same day each year? Fair enough I suppos…