And if you were exploited - how do you know? Does an update fix your p0wned device?
You don’t, and not necessarily. The answers to those questions depend on the exact exploit, not on the fixed vulnerability. If you fix your door lock, you still don’t know if someone didn’t enter or isn’t still hiding inside.
 
What Apple actually says is “Apple is aware of a report that this issue may have been exploited.” So it may or may not be actively exploited.
That probably means that it was widely exploited and they knew about it, but worked slowly, as usual.
 
You don’t, and not necessarily. The answers to those questions depend on the exact exploit, not on the fixed vulnerability. If you fix your door lock, you still don’t know if someone didn’t enter or isn’t still hiding inside.
Your analogy is not that good - in your house you are allowed to check your house for clues if anyone broke in. On an i-Device you have no such tools. Compared to Windows or Linux, you have anti-virus and in many cases also instructions on what to look for in the Registry or file system.
 
Your analogy is not that good - in your house you are allowed to check your house for clues if anyone broke in. On an i-Device you have no such tools. Compared to Windows or Linux, you have anti-virus and in many cases also instructions on what to look for in the Registry or file system.
That’s right. I was referring to what an automated update can do when only the vulnerability is known, and not concrete exploits.

It’s an interesting question if Apple has ever done some kind of malware removal under the hood.
 
Never thought this, just a random question--when you update is it quicker to update via the Mac, over air on the phone, or does it really matter and is it all pretty much the same times?
 
They forgot they had a feature called "Rapid Security Responses".

They currently (officially) used that feature just twice till now.
iOS 16.5.1 (a) - 10 July 2023
iOS 16.5.1 (c) - 12 July 2023 (Two days later, yeah, they managed to make a mess somehow).
After these, never again, even if apparently there was a known vulnerability...

What can I say... Not very nice.
 
They forgot they had a feature called "Rapid Security Responses".

They currently (officially) used that feature just twice till now.
iOS 16.5.1 (a) - 10 July 2023
iOS 16.5.1 (c) - 12 July 2023 (Two days later, yeah, they managed to make a mess somehow).
After these, never again, even if apparently there was a known vulnerability...

What can I say... Not very nice.
Perhaps Apple needed some time to implement another backdoor for law-enforcement after patching this one…. ;-)
 
Why does Apple think that releasing wallpaper should be part of a release? 1 more bullet to the deployment list? Come on!
Well, adding stuff like wallpapers and emoji might encourage users to update. And the wallpaper is timely for February’s Black History Month.
 
Why isn't Apple ever using this security patch thingy to add those quickly over the air?
It is only applicable to a narrow set of patches. Apparently, WebKit cannot be patched in this way. Unlike Google and Microsoft, Apple doesn’t seem interested in separating components of iOS into patchable components.
 
Yet no rapid security patch was issued!
I am beyond frustrated with the software division at Apple.
I don't think the Rapid Security Responses works this way. Today's security updates include a lot of items.

Rapid Security Responses are a new type of software release for iPhone, iPad, and Mac. They deliver important security improvements between software updates—for example, improvements to the Safari web browser, the WebKit framework stack, or other critical system libraries. They may also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist "in the wild."
 
There is no such thing as a piece of software without bugs or attack surface, Apple's pretty good at this overall, but literally no one is perfect at it
That is probably true but I am convinced Apple could do better. I am just glad my Mac, iPhone, and iPad are not passenger airplanes …
 
I’m seriously beginning to wonder what “actively exploited” means - a single targeted website? Apple really pushing people to update. The Siri voice bug and battery drain better be patched this time.
Unlikely imo, unless that fix also happens to be included in this update.
And if you were exploited - how do you know? Does an update fix your p0wned device?
It depends on how the update is being implemented. Sometimes an exploited device will remain exploited unless the whole system is nuked and started from scratch, including all firmware.
I'm just happy Apple is doing their part to patch and secure the system where so many others take the "it's the user's problem" mindset.
Apple will surely blame users as much as possible, and they don’t do it any less than their competitors.
The weakest link in this security chain is ALWAYS the USER themselves.
I notice your use of the word should....
If Apple pushes a 5GB update then maybe all files are updated, corrupted or not. Any less than that, some might not be. We users will never know.
 
Glad to hear that the vulnerability has been fixed now. Will be updating soon
 
Ventura and Safari got separate updates too. So Ventura is still a good option, benefitting from security updates while not suffering from Sonoma drawbacks.
 
Well, what are you going to do about it? Complaining won’t help.
Actually, not giving such feedback would potentially make Apple think everyone is happy with this process. Not like this forum is an Apple suggestion line, but it is definitely a place where most of us vent, and that comment was very reasonable and done quite politely.

Obsessive complaining is not good for anyone, but bottling your frustration with the way things work is also not good for you, so even if it doesn’t fix the problem, complaining can help: https://www.insidehook.com/advice/complaining-is-actually-good-for-you

Best line is the closer: “Sometimes things suck, and there’s nothing wrong with pointing it out. This year, point it out with purpose.”
 
Why isn't Apple ever using this security patch thingy to add those quickly over the air?
I guess RSU is only for system-architecture-level vulnerabilities. But anyway, with the news of how governments get full remote access to iOS users through Pegasus, WebKit, Mail and NPU vulnerabilities are pretty huge.
 
I don't think the Rapid Security Responses works this way. Today's security updates include a lot of items.
On the other hand, maybe after releasing RSU, marketing shared their doubts about how bad it is that everyone will know how many bugs there are, and they stuck it, like before, under the carpet of an ordinary update.

If it's true, someone at Apple is sick.
 
That is probably true but I am convinced Apple could do better.
Why? Just gut feeling?

As someone who works in software in the enterprise space I’m pretty happy with how well Apple handles known CVEs (though I do wish they’d have a better bug bounty program). We have to meet compliance standards for patching at work and if Apple had the same reqs they’d be doing just fine as far as I can tell 🤷‍♂️
I am just glad my Mac, iPhone, and iPad are not passenger airplanes …
At the moment I’d rather have Apple’s QA than Boeing’s :p
 