How is this even remotely considered a security issue?
Yes, every touch is logged, but none of the logs carry any semantic information about the touches.
Yep, but I bet we don't get a response...They'll just release yet another patch...I'm pretty conservative when it comes to Apps, but I do have SSH installed on phone and iPad....I may remove them for now.
Of course we won't get a response.
I love Apple products but the business model that forces software and hardware into obsolescence is one negative and this keeping schtum on security is what's most maddening.
The hardware and software I can find almost 100% functional workarounds for with the help of forums like this so the problem is mitigated somewhat. (MP 1,1 running ML for instance). But the Security things leave you in the dark and feeling vulnerable.
Well it's certainly bad news that the exploit is there, but on the up shot at least it's now known and will be fixed promptly.
I put a JB fix on 7.0.4 (SSLfix)
My thoughts exactly.How is this even remotely considered a security issue?
Yes, every touch is logged, but none of the logs carry any semantic information about the touches.
What those guys have just demonstrated is of no use to an actual hacker. It would be like tapping a phone line and then only be able to know how many calls are placed each day.
It didn't use to, a type of multi-tasking, background updates etc, was added i(in iOS7?). That's my understanding anyway.I thought the Iphone didn't have multitasking... I heard it so many times in here.
welcome to the new microsoft.
Of all the kinds of military and state activity, I'm for cutting back the military to something more like "defense." I'm for the CIA stopping torture, not making military plans like Iraq; our intelligence services should have rules of engagement in foreign countries and with foreign nationals.
Good the JB community has that fix. Just as good, the rest of us have 7.0.6
What would actually be useful here is for somebody to tell us WHICH apps are to blame here.
If Apple (and all companies) don't work with independent, third party security firms, this is one reason why they should. Increasingly we are putting our most private information in the cloud and transmitting it daily. Apple needs to step up and have their systems/software tested/hacked by firms which they hire so these issues can be found out before mass release. Some of the stuff that has gotten by Apple in the past was pretty crazy how it wasn't caught. Some stuff has little impact in day to day use. This one is big however.
That's a good idea. The other thing is, that they do not learn from their own software:If Apple (and all companies) don't work with independent, third party security firms, this is one reason why they should.
...
of course this story would be published the day samsung announces their touch id.
Business as usual then......
Well, you may have cut and pasted the message from the other thread, but it doesn't really apply here, at all. First of all, this is a "proof of concept" demo made by a security firm who is working with Apple to resolve the issue. It requires that a). someone else has discovered the same method, b). has managed to sneak it onto the Appstore. c). has managed to get their app popular enough for a lot of people to download and d). that you actually have installed this app yourself.