Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iOS 10 Beta Features Unencrypted Kernel Making it Easier to Discover Vulnerabilities
- Thread starter MacRumors
- Start date
- Sort by reaction score
No chance this is intentional. Someone in build & integration flipped the wrong switch.
Apple's entire security process revolves around security through obscurity. Even when they become aware of egregious vulnerabilities, they can and have sat on them for years (multiple release cycles) for the sole reason that they weren't aware of anyone using them maliciously in the wild.
The sooner and more publicly vulnerabilities are found, the sooner Apple's hand is forced on shipping fast-track security updates that may well break other legitimate functionality--not to mention derailing other planned engineering feature work.
Apple's entire security process revolves around security through obscurity. Even when they become aware of egregious vulnerabilities, they can and have sat on them for years (multiple release cycles) for the sole reason that they weren't aware of anyone using them maliciously in the wild.
The sooner and more publicly vulnerabilities are found, the sooner Apple's hand is forced on shipping fast-track security updates that may well break other legitimate functionality--not to mention derailing other planned engineering feature work.
But why not say anything to people about it when releasing the preview? Why wait for people to just find it? Seems like something you would tell people you are doing so people can do the things you want them to do with it.
This is not something I know much about but seems like a mistake to me. If it is.....ugh that really sucks for Apple.
This is not something I know much about but seems like a mistake to me. If it is.....ugh that really sucks for Apple.
Let's pretend this was an engineering mistake, why on earth would Time Cook get fired over it? I don't think Tim Cook even knows how the iOS build process works, let alone be responsible for a mistake in it.
I think all the code for the hardware drivers is in there.
Android latency in talking to hardware is going to be cut significantly.
Android might actually be usable for audio work soon.
[doublepost=1466551788][/doublepost]
The buck stops there. Many a CEO has taken the fall for far less.
The iPhone kernel is the family jewels.
It's why iPhones are so responsive with lesser hardware than Android.
The Chinese Android suppliers and OEMs are madly stealing code and rewriting their drivers at this moment.
Android latency in talking to hardware is going to be cut significantly.
Android might actually be usable for audio work soon.
[doublepost=1466551788][/doublepost]
The buck stops there. Many a CEO has taken the fall for far less.
The iPhone kernel is the family jewels.
It's why iPhones are so responsive with lesser hardware than Android.
The Chinese Android suppliers and OEMs are madly stealing code and rewriting their drivers at this moment.
There isn't any point to encrypt it later, it's too late. Apple isn't going to rewrite the entire core.
This is a flytrap for jailbreak. Once Apple knows how they are going to do it they will change something and encrypt it and if you try to jailbreak you'll brick it.
No. It's still a binary. Just unencrypted. You don't get the source code!
[doublepost=1466552269][/doublepost]
You do know we're talking about a binary and not source code right?
Free in-app purchases.
I'll buy your app, no problem. But I'm not paying £69.99 for consumable coins/gems/bux/crystals/whatever pay2play BS.
Might not be a popular opinion but it's an honest answer to your question.
Wrong. They do not rely on obfuscation. They rely on proven encryption models.
I will eat Pad Thai tonight, I believe. At least one thing's for sure. 
But how sire are you that you're actually eating Chicken for example?I will eat Pad Thai tonight, I believe. At least one thing's for sure.
[doublepost=1466552653][/doublepost]Its funny how people are reply here as if they gave just released the source code!
This seems odd to me-- I'd hope that if they intentionally lowered their security like that they'd notify users about it. Yes, it's a beta, and one should never expect a beta to be reliable or secure, but I still feel this should have been communicated as part of the release if it were intentional.
Speaking in absolutes is always wrong.
If people could find exploits from the binary then they have too much time in their life.
Hey, to be fair, I did make a demo version of OE-Cake! that was supposed to expire in 2008 run until 2038 by doing that, and it didn't take long.
I wonder if this is related with Apple vs FBI. Apple "accidentally" release unencrypted kernel to give FBI chance to discover vulnerabilities without having to create custom OS for them
The cats out of the bag now. They'd have to completely rewrite the security features of iOS otherwise people diving into the innards are finding out how it all works together no matter if the next release is encrypted or not.