Skip to main content

Apple Aren't Patching?

An article in Arstechnica highlights how slow Apple can be when patching security flaws.

Although Apple didn't make a big deal about it, one of the security fixes included in the recent iPhone/iPod touch 2.0 firmware is a fix for a fairly high-profile WebKit bug that was used to hack a MacBook Air back in March. People immediately began asking why the bug took so long to fix on the iPhone. Now, the researcher who discovered it, Charlie Miller, has called Apple out over its iPhone patching practices in a recent Computerworld piece, saying that the company "messed up."

When the bug was originally disclosed to Apple, the company asked Miller if Mobile Safari was also affected, and he suggested that it probably was. Unfortunately, he wasn't able to confirm his assertion at the time, and left it up to Apple (which had all of the details) to test the exploit on the iPhone itself. It turned out that the exploit code needed to be tweaked slightly to do anything malicious on an iPhone, but Apple apparently closed the case after the OS X exploit failed to do anything nasty.

Further research revealed that if the actual JavaScript regular expression exploit code was run, bad things would still happen. Apple seemed to have corrected the bug pretty quickly after that. However, the mere fact that it took Apple so long to patch an iPhone WebKit bug has brought up the question: how well will Apple be able to manage two OS versions? Miller has pointed out that most WebKit bugs found on OS X will also occur on the iPhone and iPod touch, so Apple could theoretically patch both at the same time. Whether that will ever actually happen remains to be seen.

Post a Comment

Popular posts from this blog

iOS 8.4 Is Here!

iOS8.4 is here and available to download so head over and grab it from Software Update.

Radon in Newry, Mourne and Down - Action & Education Needed

Council budgets have been and continue to be slashed and perhaps that's the reason why more is not being done to educate people on the risk Radon gas is posing to their health in the area of Newry, Mourne and Down. A recently published Government report includes the below map which starkly highlights the huge areas of the district that are potentially exposed to high levels of this naturally occurring radioactive gas.



While the UK Government recognises and highlights the role this gas plays in causing lung cancer the EPA in the U.S. goes further adding numbers and additional facts such as : 1. 21,000 deaths a year are linked to Radon gas in the U.S.  2. It's the second biggest cause of lung cancer after smoking 3. Radon can enter the home through the water supply as well as the soil 4. There is a risk of stomach cancer from ingesting water containing Radon and lung cancer from inhaling the gas carried in the water.
To help protect and educate the population it's time the c…

Asteroid 1999 FN53: The Truth

This is a short post just to correct reports coming out of some media outlets. The 0.9 km wide 1999 FN53 asteroid is not going to hit us on May 14th. There are no instabilities in its orbit that might send it our way. In fact it will not hit us within the next 8000 years. Its going to miss us by about 7 million miles. Panic over. Check out the link below from NASA JPL for more details:
http://echo.jpl.nasa.gov/asteroids/1999FN53/1999FN53_planning.html