
Apple Aren't Patching?

An article in Ars Technica highlights how slow Apple can be when patching security flaws.

Although Apple didn't make a big deal about it, one of the security fixes included in the recent iPhone/iPod touch 2.0 firmware is a fix for a fairly high-profile WebKit bug that was used to hack a MacBook Air back in March. People immediately began asking why the bug took so long to fix on the iPhone. Now, the researcher who discovered it, Charlie Miller, has called Apple out over its iPhone patching practices in a recent Computerworld piece, saying that the company "messed up."

When the bug was originally disclosed to Apple, the company asked Miller if Mobile Safari was also affected, and he suggested that it probably was. Unfortunately, he wasn't able to confirm his assertion at the time, and left it up to Apple (which had all of the details) to test the exploit on the iPhone itself. It turned out that the exploit code needed to be tweaked slightly to do anything malicious on an iPhone, but Apple apparently closed the case after the OS X exploit failed to do anything nasty.

Further research revealed that if the actual JavaScript regular expression exploit code was run, bad things would still happen. Apple seemed to have corrected the bug pretty quickly after that. However, the mere fact that it took Apple so long to patch an iPhone WebKit bug has brought up the question: how well will Apple be able to manage two OS versions? Miller has pointed out that most WebKit bugs found on OS X will also occur on the iPhone and iPod touch, so Apple could theoretically patch both at the same time. Whether that will ever actually happen remains to be seen.
