I heard they are intentionally throttling their phones too and call 'power management', I'm surprised there hasn't been more lawsuits.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Confirms iPhone Source Code Leak is Real, But Says its Security Doesn't Depend on Secrecy
- Thread starter MacRumors
- Start date
- Sort by reaction score
My understanding is there most likely is very little difference in the bootloader (iboot) in iOS 11 and iOS 9?
My understanding is there most likely is very little difference in the bootloader (iboot) in iOS 11 and iOS 9?
Maybe, maybe not. We'll have to wait for the iOS 11 one to leak and compare them.
Apple only does security updates to the latest iOS, almost without exception. That is completely true. The single exception I can think of is that iOS 6.1.6 fixed the SSL bug, and that was released after iOS 7 was out. Every security release other than that one exception has been exclusive to whatever the latest iOS is. If you are aware of any others, feel free to correct me. But even if there is one or two more, my point stands--Apple almost never does this.
What duplicity?
Case in point, there have been no security updates to iOS 10 since iOS 11 released. Meltdown and Spectre have been fixed in iOS 11. They have not been patched in any other iOS because Apple doesn't do that. Any device that has not or cannot be updated to run iOS11 remains vulnerable. As of November 2017, 48% of iOS devices are not running iOS11.
It's debatable whether or not an iOS device < 11.x is actually vulnerable to Meltdown. Sure the CPU would be, but you have to get the code onto the phone first. Spectre, on the other hand...
I know, just saying internet outrage doesn't take vacation. So I'm glad they are on top of this with a response.
I think the important difference here is that every iPhone or iPad with an A7 (released in 2013) or newer is capable of upgrading to iOS 11. If Apple needs to fix a bug for iPhone 6s (shipped with iOS 9) it makes sense they would fix the bug in only iOS 11 and not iOS 9 or 10, because iOS devices only update to the newest version available. Since the iPhone 4s, Apple seems to support devices for FIVE years, that seems pretty reasonable to me. To my knowledge there are no phone manufacturers still supporting devices from 2012-2013 with all the latest bug fixes and security patches.
My understanding is there most likely is very little difference in the bootloader (iboot) in iOS 11 and iOS 9?
Very likely, but also misleading.
You could have a million lines of code leaked. A security flaw is discovered and only 100 lines of code are changed in the next version to fix the exploit. The old version is still 99.99% identical to the new version, but the exploit is no longer there.
A very small difference in code could have a huge impact on it being useful to anyone.
iOS with rare exception drops updates like a hot rock as soon as a new major version comes out. This is factually true:
The last security fix for iOS 1 was in July 2008, the same month iOS 2 came out.
The last security fix for iOS 2 was in January 2009, five months before iOS 3 came out.
The last security fix for iOS 3 was in August 2010, two months after iOS 4 came out.*
The last security fix for iOS 4 was in July 2011, three months before iOS 5 came out.
The last security fix for iOS 5 was in May 2012, four months before iOS 6 came out.
The last security fix for iOS 6 was in February 2014, five months after iOS 7 came out.*
The last security fix for iOS 7 was in June 2014, three months before iOS 8 came out.
The last security fix for iOS 8 was in August 2015, one month before iOS 9 came out.
The last security fix for iOS 9 was in August 2016, one month before iOS 10 came out.
The last security fix for iOS 10 was in July 2017, two months before iOS 11 came out.
* The two exceptions are a single update 2 months later, and a single update 5 months later.
It’s websites like this, and their sources, that cause Apple’s secret projects’ secrecy to be spoiled.
As for not interesting, I just paired by awesome AirPods (of which they can’t make enough, apparently) to my cellular-enabled AppleWatch and went for a run which was tracked my my health app. If you find those products boring, maybe tech isn’t for you. Just sayin’.
Yes, if flaws are found... but we know that's not really an "if". I honestly don't believe there's software out there without flaws, and because the software hasn't previously been exposed to scrutiny by a large number of people, chances are very good that people will find some exploits.
I feel bad for Apple. It seems like someone in there is trying to sabotage the company.
If they don't rely on secrecy, why is it secret? Maybe afraid of copying.
[doublepost=1518128118][/doublepost]
[doublepost=1518128118][/doublepost]
It's not a big deal, but there is some risk. With Windows, it would've turned slightly ugly had someone found a vulnerability and managed to exploit it. This is why I like software to be mostly open source in the first place.
If security doesn't depend on secrecy than why has every jailbreak in history ever relied on exploiting the code?
On iOS, with the exception of iOS 6.1.6. Shame they don't provide security updates for older devices (especially the ones the were selling near to the point of withdrawing support).
I know that the public eye on code can have some benefits for everyone, but I hope that the person that leaked the code burns in that really hot place down under.
The iOS 6.1.6 security update came out 5 months after iOS 7, so that can't be true. This exception proves that security updates for the previous iOS has been done before and is possible.
As of September 2017 (latest article I can find), iOS11 was running on 52% of devices. That's 48% of devices with known security vulnerabilities.
If Apple put security updates in just two prior revs of iOS instead of abandoning them completely, it would be 98.5% of devices protected. I don't think two prior revs of iOS getting security updates would be unreasonable. In the current situation people have to choose between outdated security or an update that will potentially make their device cripplingly slow and break 32-bit apps.
Last edited:
Kinda impossible to do that on devices iOS 11 can't run on ... like oh all those still quite usable iPad 2s and iPhone 4s.
This just further affirms my move away from Apple products. At least with Android and I can root the device and go about custom fixes from major problems. Instead of "upgrading" to iOS 11 devices, I'm "upgrading" to Android, where I can go in and fix it myself (or find 3rd party options to get fixes).
I'm done with Apple's treadmill of abandonment and appliance making. G.G. Apple, you took what was once a loyal customer and turned me into someone who's now actively pushing family and friends away from your platform.
The reason iOS 6 was updated after iOS 7 came out was for iPhone 3GS users because iPhone 3GS was unable to update to iOS 7 at all. Updating iOS 9 and 10 would still be useless for most of the 48% not running iOS 11 because most of those are people running devices capable of running iOS 11 but they haven’t updated yet. That is the user’s fault for not updating to iOS 11, not Apple’s fault for not updating iOS 9 and 10. Any iOS 5s, 6, 6s, or 7 users still on iOS 9 or 10 aren’t abandoned by Apple, nor would they be able to update to new patched versions of iOS 9 or 10 because the device would go straight to iOS 11.