Apple Leaves Users Vulnerable By Not Fixing iOS and OS X Security Issues Simultaneously
Notable computer security researcher Kristin Paget, who worked on Apple's security team before leaving for Tesla in early 2014, has taken to her blog (via Ars Technica) to criticize Apple for fixing more than a dozen security flaws in iOS weeks after patching them in OS X.
iOS 7.1.1, released yesterday, patched multiple WebKit vulnerabilities that were initially fixed in OS X with the release of Safari 7.0.3 on April 1. The delay between fixes, says Paget, alerted hackers to serious flaws potentially exploitable on Apple's mobile operating system and then gave hackers ample time to exploit the vulnerabilities.
Is this how you do business? Drop a patch for one product that quite literally lists out, in order, the security vulnerabilities in your platform, and then fail to patch those weaknesses on your other range of products for weeks afterwards? You really don't see anything wrong with this?
Someone tell me I'm not crazy here. Apple preaches the virtues of having the same kernel (and a bunch of other operating system goop) shared between two platforms – but then only patches those platforms one at a time, leaving the entire userbase of the other platform exposed to known security vulnerabilities for weeks at a time?
Addressing Apple, Paget goes on to write that Apple needs to sit in front of a chalkboard and write out "I will not use iOS to drop 0day on OSX, nor use OSX to drop 0day on iOS."
In addition to the WebKit vulnerabilities that were patched out of sync, Apple also recently exposed a major OS X flaw when patching the same flaw in iOS. Back in February, with the release of iOS 7.0.6, a major SSL connection verification vulnerability came to light. Known as the "goto fail" bug, it left iOS and OS X users vulnerable to man-in-the-middle attacks where hackers could pose as a trusted website to intercept communications or acquire sensitive information.
Apple launched iOS 7.0.6 on a Friday, fixing the vulnerability on iOS but leaving OS X users vulnerable to attack until the following Tuesday, when it released OS X 10.9.2 to patch the security flaw.
Popular Stories
Apple is planning some of the "biggest iOS and macOS redesigns in its history," according to Bloomberg's Mark Gurman.
In his Power On newsletter today, Gurman reiterated that iOS 19 will have a visionOS-like design with more transparent interfaces:The new interfaces will adopt the design principles introduced in visionOS, the software for Apple's Vision Pro headset. That includes greater...
If you've been following iPhone rumors over the last few years, you may remember reading reports that Apple flirted with the idea of introducing a super high-end "Ultra" model that would either replace its Pro Max device or sit above it in Apple's smartphone hirearchy. These reports appeared in the pre-launch iPhone 15 and iPhone 16 rumor cycles, but ultimately came to nothing. Now though, the...
In an investor research note today with British bank Barclays, analyst Tim Long said Apple's first foldable iPhone could have a starting price in the $2,300 range in the United States, which would make it by far the most expensive iPhone model ever.
If the first foldable iPhone starts at $2,299, that means it would cost nearly twice as much as the iPhone 16 Pro Max, which starts at $1,199.
...
Apple prototyped a larger ultra-slim iPhone 17 Air with a 6.9-inch display, but ultimately decided not to go ahead with the device because of fears that it could be susceptible to bending, according to a new report.
Bloomberg reporter Mark Gurman, writing in his latest Power On newsletter:
When it first started work on the phone, it prototyped a device with a 6.9-inch screen — matching...
While the iPhone 18 Pro models are still around a year and a half away from launching, there are already some early rumors about the devices.
Below, we recap some key iPhone 18 Pro rumors so far.
Under-Screen Face ID
In April 2023, display industry analyst Ross Young shared a roadmap showing that iPhone 17 Pro models would feature under-display Face ID. In May 2024, however, Young said ...
The iOS 18.3.2 update that Apple released last week appears to have broken iCloud Mail for some users. There are multiple complaints on Reddit and the MacRumors forums from users who say that iCloud Mail is not able to push new iCloud emails to their iPhones after the iOS 18.3.2 update.
Affected users say that despite having the correct settings enabled, new iCloud emails are not showing up...
All four iPhone 17 models launching later this year will feature an upgraded 24-megapixel front-facing camera, according to analyst Jeff Pu.
In a research note today with investment firm GF Securities, Pu shared a chart in which he reiterated that the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max will each be equipped with a 24-megapixel front camera. By comparison, all four ...
Bloomberg's Mark Gurman today shared some new details about the rumored iPhone 17 Air.
In his Power On newsletter, Gurman said he was told that the device may start at roughly $899 in the U.S., which means that it would occupy the same price point as the iPhone 16 Plus. This would make sense, as it has been widely rumored that the Air model will take over the Plus model's spot in the iPhone...
