Become a MacRumors Supporter for $25/year with no ads, private forums, and more!
  • Did you order new AirTags? We've opened a dedicated AirTags forum.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
52,419
14,127



Apple's iOS 10 preview, seeded to developers last week, does not feature an encrypted kernel and thus gives users access to the inner workings of the operating system and potential security flaws, reports MIT Technology Review. It is not known if this was an unintentional mistake or done deliberately to encourage more bug reports.

ios10-800x585.jpg
Security experts say the famously secretive company may have adopted a bold new strategy intended to encourage more people to report bugs in its software--or perhaps made an embarrassing mistake.
In past versions of iOS, Apple has encrypted the kernel, aka the core of the operating system, which dictates how software uses the iPhone's hardware and keeps it secure. According to experts who spoke to the MIT Technology Review, leaving iOS unencrypted doesn't leave the security of iOS 10 compromised, but it makes it easier to find flaws in the operating system. Security flaws in iOS can be used to create jailbreaks or create malware.
The goodies exposed publicly for the first time include a security measure designed to protect the kernel from being modified, says security researcher Mathew Solnik. "Now that it is public, people will be able to study it [and] potentially find ways around it," he says.
Apple has declined to comment on whether the lack of encryption was intentional or a mistake, but security expert Jonathan Zdziarski believes it was done by choice because it's not a mistake Apple is likely to have made. "This would have been an incredibly glaring oversight, like forgetting to put doors on an elevator," he told MIT Technology Review.

He further suggests Apple may have chosen this route to prevent the hoarding of vulnerabilities like the one that was ultimately used by the FBI to break into the iPhone 5c of San Bernardino shooter Syed Farook and to have more people looking at the code to discover latent security flaws.

Article Link: iOS 10 Beta Features Unencrypted Kernel Making it Easier to Discover Vulnerabilities
 
  • Like
Reactions: 997440

miknos

Suspended
Mar 14, 2008
940
793
Seems like a bold move imho.

Maybe a recommendation by Jon Callas?
 
Comment

Tech198

macrumors P6
Mar 21, 2011
15,674
2,092
Australia, Perth
I'm just thinking, wouldn't the FBI like that.

Its a beta after all.... While this may be firstly done fore Apple, its still a beta, and i'd say, it would be good to report issues/further issues ? However the question is, what advantage over the standard report would this give? apart from attacks?
 
Comment

LinusR

macrumors 6502
Jan 3, 2011
286
293
Why would they decide now, i.e. when releasing iOS 10, to make such a fundamental change? Do they not trust in their engineers anymore as much as they used to when developing previous iOS releases?
 
Comment

skinned66

macrumors 65816
Feb 11, 2011
1,363
1,219
Ottawa, Canada
They prevent it only because they fix the exploits in the system that could be used in other ways.

I think it has at least as much to do with keeping you and your money in their garden. I've bought software from Cydia on numerous occassions - though it pales in comparison to my App Store totals.
[doublepost=1466547465][/doublepost]
Do people still jailbreak these days? If so, what specifically for?

I personally no longer found a need to jailbreak after around iOS 7 or 8, so I'm just wondering what people still deem as missing.

I used to do it all the time. I haven't for a while now. Like you, I find myself "needing" it less and less. Though I would like Kodi back on my iPad again.
 
Comment

gigapocket1

macrumors 68000
Mar 15, 2009
1,822
1,179
Do people still jailbreak these days? If so, what specifically for?

I personally no longer found a need to jailbreak after around iOS 7 or 8, so I'm just wondering what people still deem as missing.

I couldn't agree with you more. It's more of a hassle these days and I feel very few jailbreak developers still even code their apps.. Not to mention most of the jailbreak apps have been implemented into iOS
 
  • Like
Reactions: ENDWARO7
Comment

Tech198

macrumors P6
Mar 21, 2011
15,674
2,092
Australia, Perth
either this IS a mistake, or the biggest bust Apple has ever done... Because u just know the next step would be code circulation.

On the other hand, Apple trusts developers far to much.
 
  • Like
Reactions: Shirasaki
Comment

Winterflags

macrumors member
May 18, 2015
71
43
I doubt getting people to report bugs is their objective, keeping in mind that I spent a couple of hours with Apple Support trying to explain that it must be a bug that videos I deleted from my phone a half year ago were still in my iCloud library and took up a 100 gigabytes in iCloud storage. I literally had to fight for hours against a clueless customer support representative insisting it was "normal". Finally, a tech team at Apple is looking at the issue and have confirmed that it's anything but normal, but the amount of energy that was spent to get them to take up an issue seriously didn't really make the effort worth it.

Apple really values the top-down approach, not the other way around.
 
  • Like
Reactions: Shirasaki
Comment

sudo1996

Suspended
Aug 21, 2015
1,496
1,182
Berkeley, CA, USA
Maybe now we can get open-source jailbreaks that aren't from sketchy Chinese websites and don't require Windows to run... hate that TaiG crap.
[doublepost=1466547956][/doublepost]
Do people still jailbreak these days? If so, what specifically for?

I personally no longer found a need to jailbreak after around iOS 7 or 8, so I'm just wondering what people still deem as missing.
None of my reasons have disappeared besides the unlimited iTunes Radio skips, but I think the jailbreaking scene has died down, and stuff isn't maintained as well, so I've stopped. Also the multitude of iOS versions and devices has made it harder, and people now have more sensitive information on their phones that shouldn't be trusted in the hands of Cydia software.

Some things I used it for: SSH server, terminal, advanced battery checking tool, advanced wifi tool, automatic wifi refresh in Settings, IAP cracking, deleting the ****ing camera shutter sound, deleting Game Center, iOS 6 icons, emulators, editing the notification sounds for third-party apps, and the ability to install anything I want just in case.
 
Last edited:
Comment

Luscious

Suspended
Aug 8, 2007
170
122
In the short term this will probably hurt Apple as more vulnerabilities will be initially discovered but over the medium to longer term this should help much more than it hurts.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.