Apple better damn well put out a release before the exploit goes public

Discussion in 'iPhone' started by St. Germain, Jul 29, 2007.

  1. St. Germain macrumors 6502

    Joined:
    May 19, 2006
    #1
    There is no excuse whatsoever for :apple: to not put out an update to fix the exploit that was found. Right now it's ok that there's no fix because it only exists in a closed lab. However since that group is explaining the vulnerability to the Black Hat conference on Aug. 2nd, there is no excuse for there not to be a fix out by then.

    The iPhone is particularly vulnerable because it relies heavily on online "applications." All some hacker (the evil kind) would need to do is design a semi-popular iPhone app that iPhone users would flock to, then exploit away.

    I would be very happy to wake up tomorrow to the first iPhone patch.
     
  2. javaGuru macrumors 6502a

    javaGuru

    Joined:
    Jul 15, 2007
    #2
    I agree that they definitely need to submit a patch for the security risk very soon. Hopefully they are working dilagently on getting this update ready to be released very soon.
     
  3. St. Germain thread starter macrumors 6502

    Joined:
    May 19, 2006
    #3
    We'd better see a fix for this exploit in the next two days. :mad:
     
  4. xUKHCx Administrator emeritus

    xUKHCx

    Joined:
    Jan 15, 2006
    Location:
    The Kop
    #5
    Think they will release the update to fix the hole as well as providing lots of updates all at the same time. This timeline will have been pushed forwards by the upcoming release to the public of the details so i think it will arrive pretty song.
     
  5. overcast macrumors 6502a

    Joined:
    Jun 27, 2007
    Location:
    Rochester, NY
    #6
    He sits on a public forum and continues to bitch and whine. This exploit relies on a lot of specific circumstances to all be occurring at once. It's really a non issue but does require a fix.
     
  6. Lancetx macrumors 68000

    Lancetx

    Joined:
    Aug 11, 2003
    Location:
    Texas
    #7
    Agreed, but that hasn't stopped the likes of NBC News and others from televising massively sensationalized reports on the subject. :rolleyes: I remain confident though that Apple will get a fix out before Thursday.
     
  7. St. Germain thread starter macrumors 6502

    Joined:
    May 19, 2006
    #8
    Or else! ;)
     
  8. maccompaq macrumors 65816

    maccompaq

    Joined:
    Mar 6, 2007
    #9
    Update on the way according to my neighbor's uncle's brother's girlfriend's sister's good friend, B. Gates.
     
  9. kdarling macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    Cabin by a lake
    #10
    What specific circumstances are you talking about?

    All it takes is to visit a website that has an exploit in place.

    That's incredibly easy to arrange. All one would have to do is post a message, like "free iPhone cases!" or "The first update is here! read this site for the news!"... and thousands of people would click on the link.

    Bam. They're nailed.
     
  10. rdrr macrumors 6502a

    rdrr

    Joined:
    Nov 20, 2003
    Location:
    NH
    #11
    You have news from your cousin's-neighbor's-mother's-friend who knows someone who work with a person who worked at apple? :p
     
  11. gceo macrumors 6502a

    gceo

    Joined:
    Jul 13, 2007
    Location:
    San Diego, CA
    #12
    Unless you spend time going to websites that you've never heard of before, it's a moot point.

    Practice safe surfing....!

    What I'm getting sick of is all my friends saying "you better watch out, I hear all your info is available to steal"

    The media is blowing this up, and we all know that an update is around the corner. But the truth is the iPhone is a computer, and ALL COMPUTERS have security flaws. There will be many more to come on the iPhone, but I sure am glad I don't own a Windows Mobile device.
     
  12. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #13
  13. bmustaf macrumors regular

    Joined:
    Jul 6, 2007
    Location:
    Telluride, CO
    #14
    I agree...besides, someone really must be very bored to read my text messages, see my contacts, et al. Maybe I'm a bit more reticent about people reading my email, but I don't exchange social security numbers, passwords, or credit card numbers via email, either! Anyone who considers plain text communications (read: SMS, pretty much all email) to be a secure carrier for anything remotely sensitive has to be crazy.

    Big deal, Joe Q hacker knows who I'm dating, where I had dinner, and all about my loathing for Entourage...hope he has fun living vicariously through my SMSes!

    Does this exploit provide anything more than read-only access (outside of the malicious dial capability)?

     
  14. kdarling macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    Cabin by a lake
    #15
    From your comment about dialing, you must be thinking of the simple HTML exploit, not the major new one that was found, wherein a buffer overflow allows running an executable.

    Any exploit that allows an executable to be placed and run on a device (especially this one, where every process is run as root), can allow read and write access.

    Key logging, for example. Everything you type can be secretly saved and copied to another server for analysis.

    Think about that. Bank passwords, anyone?
     
  15. Kchino macrumors member

    Joined:
    Jul 4, 2007
    #16
    ISE hasn't divulged the details of the exploit, thats what they plan on doing Thursday. They did mention that since all processes on the iPhone run as root, that they could take complete control of the device and consequently, world domination;).

    Really though, Apple has had all of ISE's findings since 7/17, they should patch it already.
     
  16. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #17
    Oh, so they can run the Hello World executable that's been compiled for the iPhone?
     
  17. itsallinurhead macrumors 6502

    itsallinurhead

    Joined:
    Apr 23, 2007
    Location:
    Southern California
    #18
    For some reason I feel as though they won't release anything till after Black Hat.
     
  18. JC4 macrumors member

    Joined:
    Apr 19, 2006
    Location:
    Columbus, OH
    #19
    I don't care about the exploit. I just want iPod to stop crashing while using Safari. And, for Safari to stop crashing. Very annoying pair of bugs.
     
  19. Joshua8o8 macrumors 6502

    Joined:
    Jul 2, 2007
    Location:
    Honolulu, Hawai'i
    #20
    i don't know what the hell is taking so long for an update of any kind. There are so many small issues that could be easily fixed by an update, and i don't understand, i thought after the hackers found a way to put ringtones on the iphone we would for sure see an update. I mean isn't apple losing money?
     
  20. kdarling macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    Cabin by a lake
    #21
    They've compiled SSH, Apache, Python and run them on the iPhone.

    They've also been able to write a program to send commands to the GSM device.

    And that was over a week or so ago ;)
     
  21. AHDuke99 macrumors 68020

    AHDuke99

    Joined:
    Nov 14, 2002
    Location:
    Charleston, SC
    #22
    my broker even advised me not to buy apples stock because of this and the duke network issues. The media is out to get apple.
     
  22. drchipinski macrumors 6502

    drchipinski

    Joined:
    Jul 12, 2007
    #23
    AMEN! :D
     
  23. Kchino macrumors member

    Joined:
    Jul 4, 2007
    #24
    That's a good point Joshua, I think Apple has taken a step back because of the immense interest in hacking the iPhone. My guess is that they're trying to figure out how much they are going to "ignore", which they definitely will as they don't have the man or woman power to compete with the dev clubs. Also how they can proceed forward, make money for functionality such as ringtones but at the same time alleviate the need to hack for features they omitted.

    I think they made a mistake by leaving out all the things they have. It has rallied the dev community! It is in stark contrast to Jobs wanting a secure safe environment for the iPhone that just works, at least the way Apple wants it to work.

    I'm interested to see if the subsequent updates disable the modifications that many people want and need. This thing just gets more interesting by the day.
     
  24. St. Germain thread starter macrumors 6502

    Joined:
    May 19, 2006
    #25
    Lets be honest...about 90% of the new iPhone "apps" are web pages we've never heard of before. That's why I think we're particularly vulnerable. iPhone users are flocking to these sites by the thousands. A friend who has a new app has already had it visited by over 100,000 individual iPhones. Again, it would just take someone creating a semi-popular new iPhone specific web "app" to get iPhone users rushing to their site. I'm not saying this particular exploit will be used that way, I just think that this kind of stuff needs to be patched ASAP, and especially before it's released to an entire conference of hackers.

    I have full faith in the fact that Apple will patch this and my worrying will be for nothing. They just really need to stay on top of this because these web "apps" make us particularly vulnerable I think, and dozens of new ones pop up each day.
     

Share This Page