Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 25, 2014, 04:57 AM   #26
macdoofus
macrumors member
 
Join Date: Jun 2009
remote install, yikes, Srsly?
__________________
5s, AirPad, iMac, 5Pod, 3Pod
macdoofus is offline   1 Reply With Quote
Old Feb 25, 2014, 05:04 AM   #27
Jsameds
macrumors 6502a
 
Join Date: Apr 2008
Well it's certainly bad news that the exploit is there, but on the up shot at least it's now known and will be fixed promptly.
Jsameds is offline   1 Reply With Quote
Old Feb 25, 2014, 05:08 AM   #28
Reason077
macrumors 65816
 
Join Date: Aug 2007
Quote:
Originally Posted by ChromeCloud View Post
How is this even remotely considered a security issue?

Yes, every touch is logged, but none of the logs carry any semantic information about the touches.
You can infer some semantics based on the fixed screen positions of UI elements.

For example, the keyboard is always at the same position on the screen, so it would be possible to reconstruct any data entered like usernames & passwords, SMS messages, etc. Same goes for the dialer and passcode keypads.
Reason077 is offline   2 Reply With Quote
Old Feb 25, 2014, 05:14 AM   #29
H2SO4
macrumors 6502a
 
Join Date: Nov 2008
Quote:
Originally Posted by Macman45 View Post
Yep, but I bet we don't get a response...They'll just release yet another patch...I'm pretty conservative when it comes to Apps, but I do have SSH installed on phone and iPad....I may remove them for now.
Of course we won't get a response.
I love Apple products but the business model that forces software and hardware into obsolescence is one negative and this keeping schtum on security is what's most maddening.

The hardware and software I can find almost 100% functional workarounds for with the help of forums like this so the problem is mitigated somewhat. (MP 1,1 running ML for instance). But the Security things leave you in the dark and feeling vulnerable.
__________________
MP1,1. 30"ACD. 11GB
H2SO4 is offline   3 Reply With Quote
Old Feb 25, 2014, 05:15 AM   #30
Cuban Missles
macrumors 6502a
 
Cuban Missles's Avatar
 
Join Date: Dec 2012
Location: East Coast, USA
Now we know what flappy bird was really doing....

Obviously Apple needs to fix this. In the meantime, let close all our background Apps and think about cleaning up all the less reputable Apps that we have installed. And let's remember that just because the App Store is curated by Apple, it does not mean I that somewhere malicious App can't sneak it way in.
__________________
I have a collection of Apple stickers from all my Apple product purchases - they are white (the stickers not the products)
Cuban Missles is offline   2 Reply With Quote
Old Feb 25, 2014, 05:25 AM   #31
richman555
macrumors regular
 
Join Date: Jan 2010
Location: Reading, PA
I thought the Iphone didn't have multitasking... I heard it so many times in here.
richman555 is offline   8 Reply With Quote
Old Feb 25, 2014, 05:34 AM   #32
Roller
macrumors 65816
 
Join Date: Jun 2003
Quote:
Originally Posted by H2SO4 View Post
Of course we won't get a response.
I love Apple products but the business model that forces software and hardware into obsolescence is one negative and this keeping schtum on security is what's most maddening.

The hardware and software I can find almost 100% functional workarounds for with the help of forums like this so the problem is mitigated somewhat. (MP 1,1 running ML for instance). But the Security things leave you in the dark and feeling vulnerable.
The only response I care about is the quick release of a patch to fix the vulnerability that doesn't require waiting for the next iOS upgrade. Other than that, the only response Apple could give would be to acknowledge the security hole, say that they're working on it, and provide a temporary workaround. In this case, the workaround is to disable "questionable" apps running in the background, which might cause more confusion than good.

For better or worse, iOS is going to be a target, and Apple will just have to do its best to stay ahead of the game when it can and release patches rapidly when vulnerabilities come to light.
Roller is offline   0 Reply With Quote
Old Feb 25, 2014, 05:37 AM   #33
macdoofus
macrumors member
 
Join Date: Jun 2009
Quote:
Originally Posted by Jsameds View Post
Well it's certainly bad news that the exploit is there, but on the up shot at least it's now known and will be fixed promptly.
I put a JB fix on 7.0.4 (SSLfix)
__________________
5s, AirPad, iMac, 5Pod, 3Pod
macdoofus is offline   1 Reply With Quote
Old Feb 25, 2014, 05:41 AM   #34
starbird
macrumors 6502
 
Join Date: Mar 2010
Quote:
Originally Posted by macdoofus View Post
I put a JB fix on 7.0.4 (SSLfix)
Good the JB community has that fix. Just as good, the rest of us have 7.0.6
starbird is offline   1 Reply With Quote
Old Feb 25, 2014, 05:43 AM   #35
Jambalaya
macrumors 6502a
 
Join Date: Jun 2013
Location: UK
Quote:
Originally Posted by ChromeCloud View Post
How is this even remotely considered a security issue?

Yes, every touch is logged, but none of the logs carry any semantic information about the touches.

What those guys have just demonstrated is of no use to an actual hacker. It would be like tapping a phone line and then only be able to know how many calls are placed each day.
My thoughts exactly.

----------

Quote:
Originally Posted by richman555 View Post
I thought the Iphone didn't have multitasking... I heard it so many times in here.
It didn't use to, a type of multi-tasking, background updates etc, was added i(in iOS7?). That's my understanding anyway.
__________________
Mac Mini 2009 8GB 750HDD, iPhone 4S 16GB, iPad1 64GB, ATV 3
Jambalaya is offline   0 Reply With Quote
Old Feb 25, 2014, 05:50 AM   #36
rbgb
macrumors newbie
 
Join Date: Sep 2006
Quote:
Originally Posted by Asclepio View Post
welcome to the new microsoft.
It's inevitable that more and more security bugs will start to be discovered now that iOS usage is at a significant level (which apple has not had previously).

In my view apple should be more communicative about the security issues - it does not really help keeping it quiet. I don't think it will ever be as bad as the microsoft saga in 2004 but they may need to have a bit of a security purge over the next few months.
rbgb is offline   0 Reply With Quote
Old Feb 25, 2014, 06:13 AM   #37
Crunch
macrumors 6502
 
Join Date: Jun 2008
Location: Hollywood Hills, California
Quote:
Originally Posted by Swift View Post
Of all the kinds of military and state activity, I'm for cutting back the military to something more like "defense." I'm for the CIA stopping torture, not making military plans like Iraq; our intelligence services should have rules of engagement in foreign countries and with foreign nationals.
Oh c'mon, how is our country supposed to make money in this era where the military industrial complex is running on all cylinders? Those RPGs don't exactly launch themselves, yo.
__________________
(Late 2013) 27" iMac w/ quad-core Intel Core i5-4670 3.4GHz / 3.8GHz max. Turbo | NVIDIA GTX 775M w/ 2GB GDDR5 | 24GB DDR3-1600MHz RAM | OS X 10.10 DP5 | 256GB Samsung XP941-variant PCIe x2 SSD
Crunch is offline   3 Reply With Quote
Old Feb 25, 2014, 06:13 AM   #38
M-O
macrumors 6502
 
Join Date: Mar 2011
i'm more angry that this is probably reducing my battery life than it is logging my touch inputs.
M-O is offline   2 Reply With Quote
Old Feb 25, 2014, 06:13 AM   #39
macdoofus
macrumors member
 
Join Date: Jun 2009
Quote:
Originally Posted by starbird View Post
Good the JB community has that fix. Just as good, the rest of us have 7.0.6

cool. If that good its good. Will look into.
__________________
5s, AirPad, iMac, 5Pod, 3Pod
macdoofus is offline   0 Reply With Quote
Old Feb 25, 2014, 06:21 AM   #40
gri
macrumors 6502a
 
gri's Avatar
 
Join Date: Jul 2004
Location: New York City, aka Big Apple
Security

So, we are told basically do not go I to any non-trusted wifi, e.g. Airport or hotel. I am traveling in a few days so what do I do? Can anyone more versed thean me tell me? VPN? Use iPhone as router so it's not using the totally accessible wifi?
__________________
2.93 GHz MacPro 8 core, i7 2012 MBA; 2.7 Mac mini; iPhone 5, iPad 4
Brave enough to think differently, bold enough to believe he could change the world, and talented enough to do it.
gri is offline   0 Reply With Quote
Old Feb 25, 2014, 06:24 AM   #41
Sam...
macrumors newbie
 
Join Date: Feb 2014
Quote:
Originally Posted by Macman45 View Post
What would actually be useful here is for somebody to tell us WHICH apps are to blame here.
Yes why can't we know what apps have done this?
Sam... is offline   0 Reply With Quote
Old Feb 25, 2014, 06:25 AM   #42
furi0usbee
macrumors 6502a
 
Join Date: Jul 2008
Repost from that other security article... same message

If Apple (and all companies) don't work with independent, third party security firms, this is one reason why they should. Increasingly we are putting our most private information in the cloud and transmitting it daily. Apple needs to step up and have their systems/software tested/hacked by firms which they hire so these issues can be found out before mass release. Some of the stuff that has gotten by Apple in the past was pretty crazy how it wasn't caught. Some stuff has little impact in day to day use. This one is big however.
__________________
YouTube - Apple iPhone Support Hotline (Actual Phone Call Recording)
MacBook Pro 15" (Retina) 2.3GHz i7 / 8GB RAM  iPad mini (AT&T) (16GB)
furi0usbee is offline   1 Reply With Quote
Old Feb 25, 2014, 06:37 AM   #43
ElTorro
macrumors regular
 
Join Date: Jan 2013
These recent finds (SSL, etc) show that the famous Apple security is just a myth.
ElTorro is offline   6 Reply With Quote
Old Feb 25, 2014, 06:42 AM   #44
subsonix
macrumors 68030
 
Join Date: Feb 2008
Quote:
Originally Posted by furi0usbee View Post
If Apple (and all companies) don't work with independent, third party security firms, this is one reason why they should. Increasingly we are putting our most private information in the cloud and transmitting it daily. Apple needs to step up and have their systems/software tested/hacked by firms which they hire so these issues can be found out before mass release. Some of the stuff that has gotten by Apple in the past was pretty crazy how it wasn't caught. Some stuff has little impact in day to day use. This one is big however.
Well, you may have cut and pasted the message from the other thread, but it doesn't really apply here, at all. First of all, this is a "proof of concept" demo made by a security firm who is working with Apple to resolve the issue. It requires that a). someone else has discovered the same method, b). has managed to sneak it onto the Appstore. c). has managed to get their app popular enough for a lot of people to download and d). that you actually have installed this app yourself.
subsonix is offline   2 Reply With Quote
Old Feb 25, 2014, 06:43 AM   #45
irnchriz
macrumors 6502a
 
irnchriz's Avatar
 
Join Date: May 2005
Location: Scotland
Surely this is an issue that can be solved with better monitoring and testing of submitted apps to the app store? If you get all of your apps from the app store and Apple stop the malicious apps then you have nothing to worry about.
__________________
irnchriz is offline   0 Reply With Quote
Old Feb 25, 2014, 06:45 AM   #46
Mr. Retrofire
macrumors 601
 
Mr. Retrofire's Avatar
 
Join Date: Mar 2010
Location: www.emiliana.cl
Quote:
Originally Posted by furi0usbee View Post
If Apple (and all companies) don't work with independent, third party security firms, this is one reason why they should.
...
That's a good idea. The other thing is, that they do not learn from their own software:
http://apple.stackexchange.com/quest...erminal-app-do

A similar option in the iOS preferences would solve the problem (AFAIK).
__________________

“Only the dead have seen the end of the war.”
-- Plato --
Mr. Retrofire is offline   0 Reply With Quote
Old Feb 25, 2014, 07:10 AM   #47
efktd
macrumors regular
 
Join Date: Sep 2011
Location: USA
of course this story would be published the day samsung announces their touch id.
efktd is offline   1 Reply With Quote
Old Feb 25, 2014, 07:11 AM   #48
cdmoore74
macrumors 65816
 
Join Date: Jun 2010
If this was Android we would already be at 300 responses saying how bad Android/Google is. How does it feel now?
cdmoore74 is offline   6 Reply With Quote
Old Feb 25, 2014, 07:14 AM   #49
Dave.UK
macrumors 6502a
 
Dave.UK's Avatar
 
Join Date: Sep 2012
Location: Kent, UK
Quote:
Originally Posted by efktd View Post
of course this story would be published the day samsung announces their touch id.
Meaning?
Dave.UK is offline   0 Reply With Quote
Old Feb 25, 2014, 07:21 AM   #50
Parasprite
macrumors 65816
 
Parasprite's Avatar
 
Join Date: Mar 2013
Quote:
Originally Posted by H2SO4 View Post
Business as usual then......
It sounds like they submitted a bug report...

Hopefully engineering has everything they need, otherwise this might be a while.

----------

Quote:
Originally Posted by subsonix View Post
Well, you may have cut and pasted the message from the other thread, but it doesn't really apply here, at all. First of all, this is a "proof of concept" demo made by a security firm who is working with Apple to resolve the issue. It requires that a). someone else has discovered the same method, b). has managed to sneak it onto the Appstore. c). has managed to get their app popular enough for a lot of people to download and d). that you actually have installed this app yourself.
*closes flappy bird...*
__________________
Has anyone, anywhere, ever actually used ~/Pictures/iPod Photo Cache/ for anything besides deleting or hiding it?
Parasprite is offline   1 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Resolved: iPhone 5s / iOS 7 security flaw ctross iPhone 2 Sep 24, 2013 04:12 AM
Alleged iPhone 5S User Guide Photo Highlights Fingerprint Sensor As 'Touch ID' MacRumors MacRumors.com News Discussion 532 Sep 18, 2013 10:39 AM
New iPhone Passcode Security Flaw Discovered in iOS 6.1.3 MacRumors iOS Blog Discussion 92 Mar 25, 2013 04:42 PM
Major iOS security flaw. CylonGlitch iOS 6 21 Feb 16, 2013 02:47 AM
I have just discovered a major security flaw in iOS 6.1 S1RiOS iPhone 71 Feb 15, 2013 10:20 AM

Forum Jump

All times are GMT -5. The time now is 07:08 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC