Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Address Bar Security Issue Found in iOS 5.1 Safari
- Thread starter MacRumors
- Start date
- Sort by reaction score
If Apple knows about it and acknowledges the issue, why did this group feel it was necessary to make this public before the patch was released?
It's one thing if Apple is dragging their heels, but 3 weeks doesn't seem unreasonable to push out a fix.
It's one thing if Apple is dragging their heels, but 3 weeks doesn't seem unreasonable to push out a fix.
Wirelessly posted
Doesn't take 3 weeks to fix a problem like this. Truth is, the person RESPONSIBLE for issuing the fix has been on vacation for the last 3 weeks. EVERYTHING is taking longer with these guys lately -- new products, software updates, you name it!!!
Doesn't take 3 weeks to fix a problem like this. Truth is, the person RESPONSIBLE for issuing the fix has been on vacation for the last 3 weeks. EVERYTHING is taking longer with these guys lately -- new products, software updates, you name it!!!
Handing over your personal info is a small bug?
I'm pretty sure they will plug it quickly but you know we have to get at least 1 non-issue or small bug response
Wirelessly posted
What are the odds that when they issue a fix for this issue they'll also FINALLY correct what is officially The World's Most Glaring Idiotic Software Screwup: the ability to delete ANY photo on my phone, not just ones I took with the camera!! Argh!! 5 years later and still nothing has been done about this. Unfreakinbelievable.
What are the odds that when they issue a fix for this issue they'll also FINALLY correct what is officially The World's Most Glaring Idiotic Software Screwup: the ability to delete ANY photo on my phone, not just ones I took with the camera!! Argh!! 5 years later and still nothing has been done about this. Unfreakinbelievable.
lol really, late by who's standards? its not like things have been announced and its been delayed?
Maybe they meant "address bar"?
If you are going to put out an exploit that is going to get worldwide media attention, at least use spell check.
You're welcome.
Glad someone actually understood what I was getting at instead of just giving me negative votes!
Well, in simple terms it turns javascript off in Safari.
As the security issue involves javascript, turning javascript off means the security issue is mitigated.
For example, when you try the linked demo page, it is immediately obvious the URL is not apple's website, but rather the majorsecurity.net one. Try it and see the difference if you like.
So, if you turn off javascript until this is fixed, it is likely to avoid it.
Personally I tend to browse with Javascript off anyway on my iOS devices because it makes browsing faster and less ad-ridden, (as well as arguably more secure as this particular issue might indicate) but it's easy to toggle on and off as needed.
Has this week become the "International Apple Flaming Week"?
Nothing but Flaming Apple News, and it seems that today's been the worse.
Apple stock closed slightly under $600/share today, undoubtedly due to all the negative news about Apple and the new iPad.
Nothing but Flaming Apple News, and it seems that today's been the worse.
Apple stock closed slightly under $600/share today, undoubtedly due to all the negative news about Apple and the new iPad.
Wirelessly posted (FCC Compliant two-way radio)
This seems like a pretty serious issue. Thanks to MajorSecurity.net for the discovery.
This seems like a pretty serious issue. Thanks to MajorSecurity.net for the discovery.
The question isn't which company has NO problems, you wont find it, the question is which company has fewest problems. Apple tends to fit that bill.
You're welcome.
Glad someone actually understood what I was getting at instead of just giving me negative votes!
Well, in simple terms it turns javascript off in Safari.
As the security issue involves javascript, turning javascript off means the security issue is mitigated.
For example, when you try the linked demo page, it is immediately obvious the URL is not apple's website, but rather the majorsecurity.net one. Try it and see the difference if you like.
So, if you turn off javascript until this is fixed, it is likely to avoid it.
Personally I tend to browse with Javascript off anyway on my iOS devices because it makes browsing faster and less ad-ridden, (as well as arguably more secure as this particular issue might indicate) but it's easy to toggle on and off as needed.
Thanks. I have another question. On my MBP and iMac (safari>preferences>security) I have enable java unchecked while enable javascript is checked.
Should I uncheck enable javascript here also? Or does this issue only affect iPhone and iPad?
I just browsed through a number of your posts - you are quite the collection of negativity towards Apple and Apple products - it permeates most of your responses.
Why don't you depart the platform and move on to whatever you could be more positive towards? Why spend time bashing Apple and the platform as you clearly hold it in such low regard?
Apple now decides that they'll rip off JavaScript functionality from its mobile browser.
"Just like Adobe Flash compromises performance, JavaScript is a security issue. HTML6 will provide through tags everything JavaScript provides through programming."
--JK, BTW
----------
Actually, (some) Apple consumers expect it will be always at the excellence level. It's always said that Apple pushes technology to innovation, so it's natural that consumers demand more from Apple on the quality side than from other manufacturers. That's why we're usually ok by paying more for an Apple tablet or a Macbook Pro than a HP counterpart.
"Just like Adobe Flash compromises performance, JavaScript is a security issue. HTML6 will provide through tags everything JavaScript provides through programming."
--JK, BTW
----------
Actually, (some) Apple consumers expect it will be always at the excellence level. It's always said that Apple pushes technology to innovation, so it's natural that consumers demand more from Apple on the quality side than from other manufacturers. That's why we're usually ok by paying more for an Apple tablet or a Macbook Pro than a HP counterpart.
Have you read through his posts? He is way past the category you described IMO.
I think I've seen you post about this before. Are you referring to photos that you sync through iTunes? If you don't want them on your iPhone just don't sync them. You're acting like there is no way to remove them at all.
Handing over your personal info is a small bug?
I'm very suspect about handing over any valuable information to website that is not https.
Yes sure SSL too is not perfect and limitations.
Come on, Apple. It's embarrassing. If they appear insecure, a bunch of people will freak out even after security fixes.
I don't see how anyone can try to defend Apple on this. Any little hole like that is a real screwup (like the PDF vulnerability they had before) since everyone will take advantage of it if it is not fixed. I got to jailbreak with the swipe of a finger in iOS 4.
I don't see how anyone can try to defend Apple on this. Any little hole like that is a real screwup (like the PDF vulnerability they had before) since everyone will take advantage of it if it is not fixed. I got to jailbreak with the swipe of a finger in iOS 4.