Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Releases iOS 9.3.5 With Fix for Three Critical Vulnerabilities Exploited by Hacking Group
- Thread starter MacRumors
- Start date
- Sort by reaction score
Just updated mine.
This has me curious though: are older iOS versions (ex, 6 and below) even affected by this exploit? I would imagine it's too outdated for the code to run.
This has me curious though: are older iOS versions (ex, 6 and below) even affected by this exploit? I would imagine it's too outdated for the code to run.
Last edited:
You are surprised that they release a bug fix after they discover and create a patch for a security expliot? Wouldn't you want them to fix it as quickly as possible and make it available?
I've noticed that I have to do more bug fixes on my own code when - I'm working on too many things at once, the requirements are vague, or I'm rushed by my boss to "just get it out there"
[doublepost=1472318265][/doublepost]
Even when an OS is 'rewritten from the ground up" a lot of it will be reused. It's not like that for loop that I used to count emails in your inbox for display in your mail app will need to change much, if at all, between iOS 7 to iOS 10.
I'm still waiting to see the expertise. I see a lot of pie in the sky expectation and misunderstanding of tech articles.
If you spend that much time reading your own posts, you're probably navel gazing. I'd think changing your browser to use a different font so all posts are in Arial would make more sense, but you're so technically adept, I'm sure you already thought of that.
People want control of their devices. Reasons to hold off on updates have already been discussed.
Risk - Any change introduces risk into the system. no matter how much you test, you cannot be 100% certain that change won't have unintended consequences. Risk-averse people will hold off on updates. There have been several iOS updates that have been recalled shortly after they were released due to bug reports.
If it isn't broken why fix it? - this is related to risk. the idea is to not change something that is working unless you have to, especially if you use it for business. I was in the iOS 9 beta. There was one iOS 9 beta update the broke the alarm and phone ringer on my phone. Not only did I wake up late for several times , I missed calls from my boss who became frustrated that I never answered my phone when I was needed.
This is why I don't do iOS beta programs anymore. I like having new features, but I like having a paycheck more
What you've mentioned could broadly fall under a category of half-baked iOS software, i.e. bricked devices, broken alarms etc. (I'm a broken alarm victim too, and now have a non phone back up alarm!) The risk is there because the software isn't fully up to scratch in the first place. Updates that users are opting for by tapping "okay, install" already have some unexpected consequences, but this is because of bad software to begin with. That's a separate issue in my view that Apple needs to address, quality control, 100% every time. I know Apple can do it. Every update pushed needs to be perfect, and not an experiment. I view periodic updates to features (that users could control) as different to continual updates to security patches.People want control of their devices. Reasons to hold off on updates have already been discussed.
Risk - Any change introduces risk into the system. no matter how much you test, you cannot be 100% certain that change won't have unintended consequences. Risk-averse people will hold off on updates. There have been several iOS updates that have been recalled shortly after they were released due to bug reports.
If it isn't broken why fix it? - this is related to risk. the idea is to not change something that is working unless you have to, especially if you use it for business. I was in the iOS 9 beta. There was one iOS 9 beta update the broke the alarm and phone ringer on my phone. Not only did I wake up late for several times , I missed calls from my boss who became frustrated that I never answered my phone when I was needed.
This is why I don't do iOS beta programs anymore. I like having new features, but I like having a paycheck more
My other post describes the technology that seamlessly updates security patches. Pretty interesting.
https://forums.macrumors.com/thread...y-hacking-group.1989833/page-16#post-23287020
[doublepost=1472321512][/doublepost]
I don't think I've misunderstood the tech article summarised at:
https://forums.macrumors.com/threads...y-hacking-group.1989833/page-16#post-23287020 It's pretty neat and a good way forward for the security aspects of devices.
If an automatic update came in and messed something on the phone while you absolutely needed it to work, low probability but it COULD HAPPEN, maybe you'd think differently about it.
That's why you don't want updates being done on a live system you don't know the state is (what the user wants to do with it at that very moment).
You probably don't get the Apple reference from the Gil Amelio
Apple CEO days. Google the ship phrase.
[doublepost=1472163243][/doublepost]
Why does the user even need to know about an update that is patching a security flaw. It should be seamless and require no user interaction.
Um require no interaction? In case you live on planet Mars - this is a litigious society and everybody I mean everybody these days sue Apple for every l i t t l e thing. Think about seamless and "not knowing". Dreams
I usually find updating iOS from, say, 8 to 9 usually involves more steps such as reconnecting to wi-fi, entering Apple ID, enabling location services/Siri, etc.
However, I just updated an iPhone 5 from iOS 9.3 to 9.3.5 and it showed the welcome screen, then wi-fi selection(although it remembered my settings, then iCloud login. I usually find updating to the next minor version(e.g. 9.3.4 to 9.3.5) requires much less input on my part.
I've never had to disable Find My iPhone, though. Interesting...
Ok seriously.... While it's all so very touching such blind adoration for and zeal to defend Apple but come on.... Yes it's a very complex arena and yes errors will be made released pushed and patched. That level of inherent risk we all are completely aware of whenever we take an ip assignment .... But I have to side with (those whom you'd call criticizers ) because you may not like their tone or their quite honestly very fair conclusions on apple's assumed burden of responsibility and the failure ... Time after time to do so.. They produce a product that if not safe guarded well can literally be life threatening to its users.
Let me explain it this way drawing comparisons to my industry... Commercial aviation..... Virtually every aircraft in the sky has countless system running in synchronicity and the majority simply can not fail be compromised or breached contain a bug that affect performance it just can not happen.... Oh the software certainly has holes hidden nightmares everything every price of complex coding can suffer has happened is happening will happen in increasingly sophisticated ways. Can you imagine how many times daily Flight System Software is patched re patched wiped restored? You wouldn't believe it... And yet it CAN NOT fail simply not an option . The software is totally susceptible to anything you can think up but still engineers programmer and a slew of of ther departments some how can predict asses calculate attempt to mitigate every possible malfunction that has happened that we know could happen and future types of failures we have never seen before. They do this with remarkable effectiveness and what must be a gift of clairvoyance Ms Cleo could have only wished for. Even after all that is done tested re treated had bullets shot at it even then 2 or more backup systems that operate independently and often in very different manner than the parent system. Why.... Because failure is not something that can happen it can not fail or people die. Today we fly frequently and obviously. Never knowing the trillions of calculations and adjustments performed a second to ensure we live. And that dramatic yet very real threat has done what to you all... The consumers..... You me everyone has a (delusional) level of expectation that a major system like FMS can't and won't and if it should the pilots can fix with a magic restore code before the aircrafts ability to operate is degrading.... We all believe that commercial aviation , having the greater responsibility of all, our literal lives at steak; we all somehow have decided that those systems will never fail or execute flight control commands outside of the defined paramtors.
So to the point for those of you righteous and Nobel champions for Apple when you tell me to cut them some slack because it's a long tiring ever evolving battle against the evil jail break developers or unbiased security firms who thankfully get rich opportunities to sharpe their skills and you go on to say Apple can't possibly predict prevent etc such breeches I the clearly premature code they release in a childish battle to stop jail teaming. For god sake they ow. The phone let them set it on fire dropout in Lava throw it in jail who cares? If nothing else it does what happened these past few patches it brings the errors to light and the faster that's fine the more likely fewer will be harmed.
So we have commercial aviation.... It CAN NOT fail we believe that deep down and why? Well partly cause it almost never does fail but primarily because the consequence for it failing is sevre injury and more likely death. And that cannot be allowed to happen and the burden to ensure that doesn't fall on the DOT or FAA exactly... They regulate and respond , but they are really involved in prevention technology development testing etc. the airline is. And if they fail and you or a family member is involved in an emergency situation and God forbid but the person your family member is killed..... How many of you will post online... Poor so and so airline their product is top notch always , customer service routinely and safety record light years above any of its competition let's give them a break as it would be 'asinine' to think anyone could foresee these types of freak air events. You would be a blabbering idiot of you said that... But if ever there were an industry who's world revolves around safety it aviation and according to your logic and taking into account what they did successfully thwart the are the one who literally did everything humanly possible to ensure safety. But the end result is your family member perished in the hands of xyz air lines and for that they will never be forgiven they will pay dearly and there's not a alternate universe out there where you'd defend then in some online forum.
This is not an overly daramatic comparison. Think of this for a moment instead of your next PR campaign for Apple.... Do you think jist possibly those exploits could have assisted in movemental ways, a sex trafficker from abducting a child at the dance rehearsal the security hole allowed go to access including date time location txt a hand so on? The kidnapper knew where and when and how to execute an abuction .... Which could be potentially could be life threatening. Or infrastructure terrorist attacks, lost garbage barges , intercepted social security checks since the crook knew when grandma jerks her mail.... Those I thought of just now Apple had years to brainstorm and just as the airline designed tested implemented tested simulated explore and designs mitigation techniques to ensure consumer aren't harmed . The consequences are identical and actually probably more people will suffer defeating losses at work school home than will suffer an air emergency event. Yet you forgive and even zealously defend the precious software giant who has unlimited resources . And the airline ? Well we all know that it takes one or two air events and the carrier is doomed. Never to operate ever again forever will go down in history as monsters and certainly listed on the "for fear of your life so not fly on xyz"
Stop defending Apple... Likewise stop barrating them with told ya sos and if you had onlies . Because if knew anything about what you are after the fact recommending they should have done ... You'd already be working for them.
Apple had a responsibility legally and morally especially given the companies constant iminsinuation that they are he community and if we suffer they suffer. If the software isn't ready it's not ready. Yes I realize the board and the execs need a release out pursuant to the master business plan but go back to aviation once more... If Boeing released and verified a new jetliner know that not everything and been tested to sufficiently and that beautiful shiny airline exploded and people died you can't in good conscience say 'they did and are doing the best and should be supported by consumer while they address what cause that aircraft to explode killing hundreds.... If you wouldn't stand by that logic then how are you able to tout apples innovation and "counter sit and wait" approach to safety? These pieces of is code a released are premature and certainly not tested to the degree at which maximum safety potential is incorporated. Where are the multiple backup failure resolving systems in place mitigate the threats and can assure us a seemless trasitin from catastrophic event failures back to fully operational and .
Thank you for entertaining my thoughts. Again I'm bashing Apple I agree they are quite innovative and involved in their products from research to release . However they fail miserably at identifying admiting addressing and exposing vulnerabilities that I reiterate are potentially life threatening. What to me is near criminal neglect is the lack of backup systems when there's a failure .... You would think the company who's encryption stumped our own FBI could at the very least , when a device is thought to be compromised automatically and seamlessly ceases all activity in the affect area of operation. If my kernel is at risk shut it down... Same goes for anything else that conceivably may be compromised. Blow up my phone remotely please before you let my snap chats out!! Apple failed us all here and the must do better... Luckily failures in this industry don't directly cause planes to drop from the skies... But again God forbid any of those examples of criminal plots aided by flaws in security protocols. Any of those Apple owes us a safe place to use the technology devices they provide and promote and support!
Last edited:
I am not clear on what point you are attempting to convey, avionics software sometimes can confuse pilots or seem to fail as a number of documentaries on the Smithsonian channel indicate, bringing down the aircraft. So if that is the benchmark that is being used how can Microsoft, Google and Apple ever hope to achieve software nirvana? Or software does fail in various walk of life, with various outcomes. Like Deltas' recent grounding stranding how many millions?
So if the airlines can't do it, and Microsoft, Google, Telsa(their self-driving software made a boo-boo and killed someone) and Apple can't do it what is one conclusion that can be drawn. Software designed by mere mortals can fail. Apple does a pretty good job, there entire infrastructure from the mac, ios and cloud services has a fairly good track record given the number of devices and variability of the devices out there.
My major point is that with aviation developers and engineers and regulators understand the implication is that ultimately loss of life or at least physical harm is the likely result of a failure in the. Nothing gets released without countless backups to cover the failures and backups to cover failed backups. It's like a block of Swiss cheese if that makes sense.
You mentioned -Delta.... What a perfect example.... How many died or where injured ? None. Why because systems where in place to backup what had failed and to even backup the backups. While that was a major failure and countless thousands were affected Delta flights still departed and arrived safely all over the world because developers anticipated failure of some type and designed backups to ensure some sort of SAFE operation had been implemented.
Apple and all companies who produce a product that ultimately could result in Injury, I feel have to design and release their products only after rigorous testing. Not just functionality and operability but user safety as well. User safety actually should be paramount. It's feasible to me that litigation will ensue addressing harm done in some form due to Apple's less than through risk assessment process when releasing software. Especially in this circumstance where I am certain pretty terrible things could have happened as we were deeply briefed at my company.
Again Apple Microsoft Cisco etc aren't bad guys in my mind. They just may have lost sight of what really could happen and that ultimately all of our safety (not just my snaps your emails joe's fishing trip pics) is at stake. My other point was that this is a result of perception of risk involved. With aviation we know precisely what could result. No one really thinks that their iPhone could plausibly be used as a tool to cause such harm but it can be. Because of that I think it's import we try to or put the bottom line ahead of security.
I appreciate your comments though you make some excellent points.
It's really not rocket science. Android is trying to be the "Windows" of the smartphone market...one size fits all.
Apple's strategy is not hard. Their hardware runs their OS/software. Besides, who wants a Marshmallow phone?
With a caveat:
I hate to tell you this but at least one of the two major commercial aircraft manufacturers are outsourcing/downsizing their engineers as fast as they can and putting everything into "The Cloud" that they can. All because these companies are run by MBA's when the used to be run by promoted engineers. The next time you are on one of these airplanes, especially in bad weather, just remember that the engineering work went to the cheapest person they could find.
But I do understand your point, which is very good. Let's see where NextGen takes us.
It's generally taken for granted that consumer grade electronic devices can and do fail. No system is immune to failure and you can always take the worse case scenario about what happens in any situation. I'm not interested in any examples, but I'm more concerned about my phone being damaged or lack of cell signal or dead battery, than a software failure rendering the device temporarily inoperative. The general phrase that is used is mission critical. If my phone was mission critical I wouldn't carry it around without a case, have a redundant satellite phone and big battery as backup. I expect to my phone to work in all reasonable circumstances and for the many years I've had varying phones, never had one fail in a reasonable situation.
(I'm differentiating consumer grade devices from let's say medical devices, which should be designed and manufactured to a different standard and their price tags reflect that.)
You are totally correct James (I take it AS from your Handle on here?)
That's getting really into the nitty gritty of the aviation industry and something I'm sure we'll eventually suffer some repercussions from.
Nonetheless.... Even the outsourced engineers even the cloud based infrastructure still has government (FAA/DOT IATA NTSB etc) oversight as far as meeting standards, regulation, and review inspection.
Say what you will about the US's or any country's goverment's ability to do things effectively like regulate and standards compliance I won't argue that topic. No" But, at the very least that's another layer beyond self regulation that adds transparency and accountability as well as being enforceable with consequences. Something Apple MS Cisco etc. don't have to concern the majority of their product development with.
I hope we will see what Netx Gen brings lol but it may hold true to its name and won't be seen until some 'next gen' lol.
Still holds no water. OpenSSL was a single software package but extremely complex and had undiscovered bugs for years. Want to try again?
Hey thanks!
You know I should think of it the way you just explained.... Consumer grade vs professional or mission critical (love that term thanks for that as well).
I'm just so safety first programmed that I it surprises me when people aren't and there are obvious implications.
I guess it's a matter of matching and balancing the standard to the consumer / mission. Which has to be even more difficult with profit as a primary objective and no unbiased oversight. Then again oversight in this instance makes me think of the FBI's recent demands to Apple and how appropriate I believe Apple's response was.
Ugh! Can't I just snap chat in peace ? Lol (p.s. I really don't snap chat I'm too old)