Apple iOS and OSX Compromised for Six Months
-
Apple has had a known vulnerability in all of its OS platforms for six months without patching them.
http://www.theregister.co.uk/2015/06/17/apple_hosed_boffins_drop_0day_mac_ios_research_blitzkrieg/
-
Expect zero day attacks very, very soon. Although are they really zero day if Apple has known for six months?
Apple asked that the research be kept quiet for six months, which it was, so we've all been sitting with this vulnerability putting us at risk while knowledge of it was kept hushed. Now it is public and the vulnerability is still there!!
-
This is bad... but it looks like the user still has to download an app for it to work.
-
At the moment, but since the App Store is allowing stuff with that compromise in it to go to the store, that's a very real risk.
-
Seems Apple has been lacking on security. There's been a lot of these unpatched issues recently.
I somewhat wonder if this isn't from the fact that they didn't use to deal with them. No one attacked them much, so why would they get noticed? Now that they are, is Apple prepared to find flaws and fix them quickly like Microsoft has had to do for years?
-
Apple, I think, probably lacks a general security mindset and might easily lack the necessary skills to really tackle this stuff well. Microsoft has such a history of being attacked and being used in the most demanding businesses that they really handle this stuff with aplomb.
-
It seems odd to say that Apple isn't in a security mindset when they pushed security first and foremost in their newer devices with auto enabled encryption, the security chip they use, etc. Frankly they seem to be doing it about the best, at least in hardware.
The problem that Microsoft and Android have is that the phone vendors are preventing the devices from being updated, not to mention that Google themselves have bailed on support for a version of Android that still had major market share even though they know there are huge flaws. Though I understand why Google bailed on support of those old versions - the carriers will never roll the update out, so why bother.
-
@Dashrender said:
It seems odd to say that Apple isn't in a security mindset when they pushed security first and foremost in their newer devices with auto enabled encryption, the security chip they use, etc. Frankly they seem to be doing it about the best, at least in hardware.
Encrypting data at rest is a very minor piece of the security puzzle.
-
@thecreativeone91 said:
Encrypting data at rest is a very minor piece of the security puzzle.
The one most popular from a marketing standpoint because consumers don't understand the concept of data in flight. Data at rest is the easy piece to tackle in many situations.
-
@Dashrender said:
The problem that Microsoft and Android have is that the phone vendors are preventing the devices from being updated, not to mention that Google themselves have bailed on support for a version of Android that still had major market share even though they know there are huge flaws. Though I understand why Google bailed on support of those old versions - the carriers will never roll the update out, so why bother.
So? Upgrade your phone. How long do most people keep the same phone anyway. That's like blaming Microsoft and PC Vendor X for someone still using XP because the newer version that is supported does not work on their computer.
-
@thecreativeone91 said:
So? Upgrade your phone. How long do most people keep the same phone anyway. That's like blaming Microsoft and PC Vendor X for someone still using XP because the newer version that is supported does not work on their computer.
Longer than you may think. I play ingress and there are conversations daily about people running phones like the Samsung Galaxy S3 with no intention to upgrade.
Most people are realizing that upgrading is expensive now that carriers like AT&T discount the plan after your phone is off contract. A lot of people still do upgrade, but more and more are holding on longer now.
-
@JaredBusch said:
Most people are realizing that upgrading is expensive now that carriers like AT&T discount the plan after your phone is off contract. A lot of people still do upgrade, but more and more are holding on longer now.
T-Mobile separates the cost of the phone from the contract, so a similar thing occurs there. People stop paying the phone cost after X months and suddenly go "oh wait, I'm saving money!!"
People like me who have a perfectly good iPhone 5s that will easily go another year or two. I'm nearly on two years with it now!! I'll easily go three at a minimum. The cost savings is just too nice.
-
@scottalanmiller said:
@thecreativeone91 said:
Encrypting data at rest is a very minor piece of the security puzzle.
The one most popular from a marketing standpoint because consumers don't understand the concept of data in flight. Data at rest is the easy piece to tackle in many situations.
It's my understanding that Apple does in flight encryption as well, at least in the parts they control - clearly they don't control other people's apps.
-
@thecreativeone91 said:
@Dashrender said:
The problem that Microsoft and Android have is that the phone vendors are preventing the devices from being updated, not to mention that Google themselves have bailed on support for a version of Android that still had major market share even though they know there are huge flaws. Though I understand why Google bailed on support of those old versions - the carriers will never roll the update out, so why bother.
So? Upgrade your phone. How long do most people keep the same phone anyway. That's like blaming Microsoft and PC Vendor X for someone still using XP because the newer version that is supported does not work on their computer.
It's nothing of the same! Scott is using a computer from the Vista days (or at least was). We SHOULDN'T have to upgrade our devices every two years to keep up to date with security patches.
-
@scottalanmiller said:
@JaredBusch said:
Most people are realizing that upgrading is expensive now that carriers like AT&T discount the plan after your phone is off contract. A lot of people still do upgrade, but more and more are holding on longer now.
T-Mobile separates the cost of the phone from the contract, so a similar thing occurs there. People stop paying the phone cost after X months and suddenly go "oh wait, I'm saving money!!"
People like me who have a perfectly good iPhone 5s that will easily go another year or two. I'm nearly on two years with it now!! I'll easily go three at a minimum. The cost savings is just too nice.
Exactly. My S4 is now over two years old, and while I will upgrade soon (actually already stopped using that phone when I bought the Lumia 635) when the flagship Windows phone comes out, but there are good chances that I'll keep that phone for 3 years.
Half of my physicians (guys who really have more money than they need) haven't upgraded in 4+ years, there just hasn't been a need.
So with this being the case, the phone vendors need to get the hell out of the way and allow the manufacturers to take back control of the devices and provide upgrades.
-
@Dashrender said:
It's nothing of the same! Scott is using a computer from the Vista days (or at least was). We SHOULDN'T have to upgrade our devices every two years to keep up to date with security patches.
Am still but the OS is Windows 8.1. I keep the software very current even when the hardware is not.
-
@scottalanmiller said:
@Dashrender said:
It's nothing of the same! Scott is using a computer from the Vista days (or at least was). We SHOULDN'T have to upgrade our devices every two years to keep up to date with security patches.
Am still but the OS is Windows 8.1. I keep the software very current even when the hardware is not.
Exactly again - hardware can last a decade now. Granted a phone often gets beaten to death compared to a laptop or desktop, but it should still, in general, be able to last at least 4 years.
-
I can't imagine having a phone that long (we do have a 4s or 2 in production around here for newbies) but generally I get a new phone every year. I use it so much.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
It's nothing of the same! Scott is using a computer from the Vista days (or at least was). We SHOULDN'T have to upgrade our devices every two years to keep up to date with security patches.
Am still but the OS is Windows 8.1. I keep the software very current even when the hardware is not.
Exactly again - hardware can last a decade now. Granted a phone often gets beaten to death compared to a laptop or desktop, but it should still, in general, be able to last at least 4 years.
For a desktop, sure. With hardware in a phone there are still so many advancements in a year that keeping it compatible with everything would be hard. There's very little improvement or change in desktop chipsets and CPUs these days aside from making them more power efficient. 4 years for a phone is unrealistic; the batteries aren't even meant to last that long.
-
So the Apple has been rotting for 6 months, yet no one has thrown it out?
lol, couldn't resist.