Apple Leaves Users Vulnerable By Not Fixing iOS and OS X Security Issues Simultaneously
Notable computer security researcher Kristin Paget, who worked on Apple's security team before leaving for Tesla in early 2014, has taken to her blog (via Ars Technica) to criticize Apple for fixing more than a dozen security flaws in iOS weeks after patching them in OS X.
iOS 7.1.1, released yesterday, patched multiple WebKit vulnerabilities that were initially fixed in OS X with the release of Safari 7.0.3 on April 1. The delay between fixes, says Paget, alerted hackers to serious flaws potentially exploitable on Apple's mobile operating system and then gave hackers ample time to exploit the vulnerabilities.
Is this how you do business? Drop a patch for one product that quite literally lists out, in order, the security vulnerabilities in your platform, and then fail to patch those weaknesses on your other range of products for weeks afterwards? You really don't see anything wrong with this?
Someone tell me I'm not crazy here. Apple preaches the virtues of having the same kernel (and a bunch of other operating system goop) shared between two platforms – but then only patches those platforms one at a time, leaving the entire userbase of the other platform exposed to known security vulnerabilities for weeks at a time?
Addressing Apple, Paget goes on to write that Apple needs to sit in front of a chalkboard and write out "I will not use iOS to drop 0day on OSX, nor use OSX to drop 0day on iOS."
In addition to the WebKit vulnerabilities that were patched out of sync, Apple also recently exposed a major OS X flaw when patching the same flaw in iOS. Back in February, with the release of iOS 7.0.6, a major SSL connection verification vulnerability came to light. Known as the "goto fail" bug, it left iOS and OS X users vulnerable to man-in-the-middle attacks where hackers could pose as a trusted website to intercept communications or acquire sensitive information.
Apple launched iOS 7.0.6 on a Friday, fixing the vulnerability on iOS but leaving OS X users vulnerable to attack until the following Tuesday, when it released OS X 10.9.2 to patch the security flaw.
Popular Stories
Apple has announced that iOS 18.2, iPadOS 18.2, and macOS Sequoia 15.2 will be released today following more than six weeks of beta testing.
For the iPhone 15 Pro and iPhone 16 models, the update introduces additional Apple Intelligence features, including Genmoji for creating custom emoji, Image Playground and Image Wand for generating images, and ChatGPT integration for Siri. There is also ...
Apple today seeded the second release candidate versions of upcoming iOS 18.2, iPadOS 18.2, and macOS 15.2 updates to developers and public beta testers for testing purposes, a week after releasing the first RCs. The first iOS 18.2 RC had a build number of 22C150, while the second RC's build number is 22C151. Release candidates represent the final version of beta software that's expected to see a ...
Apple's forthcoming iPhone SE 4 will feature a single 48-megapixel rear camera and a 12-megapixel TrueDepth camera on the front, according to details revealed in a new Korean supply chain report.
ET News reports that Korea-based LG Innotek is the main supplier of the front and rear camera modules for the more budget-friendly ~$400 device, which is expected to launch in the first quarter of...
Apple seeded the release candidate version of iOS 18.2 today, which means it's going to see a public launch imminently. Release candidates represent the final version of new software that will be provided to the public should no last minute bugs be found, and Apple includes release notes with the RC launch.
The iOS 18.2 release notes provide a look at all of the new features that are coming...
Apple is set to release iOS 18.2 in the second week of December, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. There are a handful of new non-AI related feature controls...
Apple plans to remove the notch from the MacBook Pro in a few years from now, according to a roadmap shared by research firm Omdia.
The roadmap shows that 14-inch and 16-inch MacBook Pro models released in 2026 will have a hole-punch camera at the top of the display, instead of a notch. It is unclear if there would simply be a pinhole in the display, or if Apple would expand the iPhone's...
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch sometime in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for.
Apart from their audio and noise-canceling performance, which are generally regarded as...
Norwegian payment service Vipps has become the world's first company to launch a competing tap-to-pay solution to Apple Pay on iPhone, following Apple's agreement with European regulators to open up its NFC technology to third parties.
Starting December 9, Vipps users in Norway can make contactless payments in stores using their iPhones. The service initially supports customers of SpareBank...
