Right because if he's working on a Keynote slide nobody else at Apple is working on anything else....
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iOS and OS X Security Flaws Enable Malicious Apps to Steal Passwords and Other Data
- Thread starter MacRumors
- Start date
- Sort by reaction score
Let's make excuses for Apple and accept hacking/theft from our Apple products as the norm...
The gist is: "software vulnerabilities allow unauthorized access to data". The same logic may in spite of having the rootless feature.
I imagine if this was found in the linux ecosystem, it wouldve been patched well within 6 months. Linux is looking great.
2 seconds of searching gave me this. There is no such thing as completely secure software, especially not today so early in the field. Software engineering is still in the wild west days, with no enforced standards. Other engineering fields have to have third party inspectors check their work - software goes out when a lone developer feels like releasing it. It is good in ways - as we innovate faster, but bad in that security levels are all over the place.
The main point I see is Apple was given 6 months to fix this and it still exists as a vulnerability in their code base as of today. So what if they fix it today, it darn well should have been fixed 3 months ago and not required a media blasting for Apple to get it done!
Last edited:
So does this mean we all have to change our iCloud and Apple ID passwords?
Or should we stop using iCloud and Apple IDs altogether?
Or should we stop using iCloud and Apple IDs altogether?
Linux is good, but things like heartbleed, poodle, and shellshock were out there, in some cases for years, without anyone noticing - although they were fixed much quicker. This is not to excuse Apple, but nothing is really safe.
OS X, Linux, Android, Windows etc all need to step up their security efforts.
Dude, don't forget your tinfoil hat... Why do people scream the sky is falling every time an article like this is posted? There are no known app that uses this yet. Worry then... LOL
So unless one installs a malicious app, this wouldn't be an issue, right? I know the malicious ones aren't going to call themselves such, but if I understand the nature of this vulnerability, it can't be exploited absent the user installing the malicious app to begin with. Do I have that right?
Oh I totally understand. I'm sure the NSA and others knew about heartbleed etc before the rest of us, and nothing is completely safe.... but at least when these things become publically known/found, the opensource community fixes things quickly like you said.
It would likely have been patched in a few days and work arounds in a couple hours.
I call BS. You forget Google pwns all your data
Oh and friendly reminder, the flaws that exist in 40% of a all Android phones because they NEVER GET UPDATED trump this. Google's engineers aren't fixing it, they just keep rolling new versions of Android (That don't make it to 95% of devices older than a year).
Go for it!
Android 5.0.x made it to 0.8% of devices. https://developer.android.com/about/dashboards/index.html?utm_source=suzunone
KitKat 4.4 is now 18 months old and on 40% of all Android phones YAY innovation!
Last edited:
Tim Cook said thank you for persuading current Apple loyalists to competitor products.
Has apple released a patch for the iMessage issue that was unveiled the other week? I wouldn't say that we'll see a fix in a couple of hours.
The attack can be carried out from malicious apps. This implies that so long as you have that malicious app installed AND the vulnerability exists, then changing your passwords won't help - if they are stored on the device. The other implication is that app data is also exposed, which means that offline (on-device) store is also at risk.
Therefore the better suggestion is - be careful of what you install onto your devices.
