Why is that funny?
i've warned plenty about downloading that emulator and i've gotten crap about "who the hell cares, it's still secure, it's not like I jailbroke my device"
Why is that funny?
i've warned plenty about downloading that emulator and i've gotten crap about "who the hell cares, it's still secure, it's not like I jailbroke my device"
Would removing the effected app even remove the breach?
Didn't answer my question. The emulators have nothing to do with this "security" flaw. They were legit open source apps that didn't do anything malicious to the device or to the user's data.
So I ask again, why are you laughing at the people who downloaded emulators?
And again, the flaw/exploit isn't actually with that aspect of it all.Apple warns you,,, it doesn't prevent u...
Two different things....... The user is still the final tally.
Apple's way.... I hate Apple's way, since they deliberately go out of their way to open up the ability for anyone to get apps from anywhere, and then we all get scared when it comes to light that "apps from outside the app store is installed can cause a vulnerability"
I mean, what sort of a ding-a-lings are working on iOS app store not to even see this...
A company allows u to get apps from outside of the app store ? Of cause it's a security risk....
And if it makes it eaiser, since developers may not want to get their app on the app store, pricing etc... i understand that, but it also allows for them to do anything they like....
Personally, if i had my view, i would just say ... "Only on the app store" and if u want to break the rules and getting this stuff from outside... then tough.......It's an Apple device which is is meant to be "secure"
How can we call it that when Apple keeps allowing this crap in ?
Apple is not allowing this this crap, yet people go above and beyond and find it compelling to "jail break" their iPhones and download "cracked" apps.Apple warns you,,, it doesn't prevent u...
How can we call it that when Apple keeps allowing this crap in ?
And again not what this is really all about.Apple is not allowing this this crap, yet people go above and beyond and find it compelling to "jail break" their iPhones and download "cracked" apps.
Ignorance of some never sees to amaze me... Wreck your iPhone out of your good will and then complain to Apple that their product is crap... WTF...?!
That's not really the part where the flaw is and what can be exploited. It's about one installation being able to overwrite another completely unrelated installation, and not about simply being able to install something from outside the App Store or something like that.
----------
This pretty much summarizes it fairly well. A lot of people seem to concentrate and discuss something else entirely and not the actual flaw and potential exploit. And then there are also people who either blow it out of proportion or talk about it being blown out of proportion when neither one of those things is true either.
The reality is that there is a flaw that can be exploited, it's not something that is widespread and doesn't seem like it would become something widespread, but it is a security issue nonetheless and as such should be something that isn't ignored for long. That's really pretty much it.
Although it's off topic - how has this post got a down vote..?
Another masque attack..?
Wow. Everyone is looking past this subtle part of Apple's response:
Hope this doesn't mean the closing of OS X!
Adobe Photoshop? Microsoft Office for OS X? Are these gold standards available on the Mac App Store?
I don't think so...and to install them you have to break security code and change your settings, and allow untrusted installs...
Oh no! Apple doesn't want you installing these evil programs. They want you to use only Pixelmator and Pages...
Right...
Regardless of how many people do or do not have it, it needs fixed. Step up Apple and get this sorted before some poor fool does become victim of it!
Um, you do realize that Apple is slowly closing down OS X, right? If not, then your oblivious to this line in Apple's response: "only download apps from our App Store".
We encourage customers to only download from trusted sources like the App Store
And you just quoted me saying I have no idea about something yet providing no information at all as to why, which basically didn't add or explain anything and certainly didn't make anything I said incorrect in any way. A waste of time indeed.WTF?!? You just quoted a bunch of guys, told them they were all wrong and YOU were really the guy with no idea. What a waste of time!!
----------
Not sure but time to bring out the conspiracy theories. Mods controlling the world!!
Maybe it's the new Mosque attack on MR funded by Islamic State?
And you just quoted me saying I have no idea about something yet providing no information at all as to why...
All that was in your explanation and that of others that I quoted was some tirade about installing from outside the App Store and people not being careful. When the actual exploit is not about the part of installing from outside sources (which isn't new, weird, or bad in some way) but about one outside source being able to overwrite a whole different app, which is something that shouldn't be happening.Nice argument but myself and others (who you quoted) already explained the mechanism of the attack (so has the article). You're just randomly calling people wrong and the onus is on you to prove me, other posters, the article and security experts wrong before you start telling me to respond.
All that was in your explanation and that of others that I quoted was some tirade about installing from outside the App Store and people not being careful. When the actual exploit is not about the part of installing from outside sources (which isn't new, weird, or bad in some way) but about one outside source being able to overwrite a whole different app, which is something that shouldn't be happening.
It's pretty simple, but people choose to concentrate on discussing and attacking other parts of it all which still doesn't addrsss the actual exploit that exists and should be addressed.
All that was already explained fairly clearly and ignoring it and just calling it wrong just because doesn't change the realty of it.
What does one have to do with the other, or more importantly with the actual flaw? The exploit is with an installation being able to install itself over another unrelated and previously installed app.You're confusing what the app does with how it gets installed in the first place.
Because Apple always claims that their "closed" system is more secure than those others due to the review process?
Frankly, I don't understand why some people on this forum keep downplaying these security flaws. Perhaps they think they need to "defend" Apple, but that is misguided IMO. The "fappening" made it very obvious that Apple doesn't necessarily act to improve their security policies without public pressure. If that hadn't happended, we'd probably still have the weak iCloud security policy and incomplete 2-factor authentication. Public attention can only help to make the system more secure for everyone by forcing Apple to act.
The facts are actually not really those as already has been pointed out in many posts. Yes, something is definitely required on user's part and yes this wouldn't apply to most, but it's certainly easier than the phone needing to be jailbroken or provisioned in some way from the beginning.I believe some people here are responding to this, and other, articles that omit half the facts -- facts that, for most intents and purposes, nullify any newsworthiness. This "flaw" requires either the phone be jailbroken or the phone has been provisioned in a certain way, typically in an enterprise, and typically for internal app testing puposes.
What does one have to do with the other, or more importantly with the actual flaw? The exploit is with an installation being able to install itself over another unrelated and previously installed app.
Nice of you to say I call people names I've done no such thing. Pointing out someone is incorrect or misinterpreting something is not even in the same league as pointless name calling. But nice attempt at trying to make me seem like I just put people down, truly makes for a strong argument.Have a beer and think about that one mate...
This is the whole reason why you are lost and you're calling those who understand idiots instead of lostening. You don't understand HOW it's all happening, you just care about what it's doing.
RL example... leave a bank vault open, never lock it. When somebody robs the bank you can't then say 'the door was not strong enough!!! The company that made the door should fix this security hole!!!' because you left it open.
Same here. By using a pirated dev certificate and trusting apps distributed by hackers directly, you're leaving the door right open. Apple can't prevent you from intentionally installing this kind of garbage using a pirated dev certificate.
Get life and enjoy what you have