But, don't some of your SMS messages (like the ones from AT&T) just have a Code instead of a Phone Number? Like when you send a message to 543542, etc...
I know companies can register those types of codes (American Idol, Bank of America, etc), but I don't know if a regular person can spoof something like that.
 
The fanboyism is strong in this thread.

This is a priority ONE security hole.

They were told about it - and have done nothing about it so far.

So are you all saying that Apple should take its sweet time to fix such a huge security hole?!?

If this was Microsoft - I'm sure you all would be changing your tunes.

I am GLAD that they went public with this. What would happen if they didn't go public with this, and then a hacker actually implemented it? I bet you'd see a fix within days.
 
The fanboyism is strong in this thread.

This is a priority ONE security hole.

They were told about it - and have done nothing about it so far.

So are you all saying that Apple should take its sweet time to fix such a huge security hole?!?

If this was Microsoft - I'm sure you all would be changing your tunes.

I am GLAD that they went public with this. What would happen if they didn't go public with this, and then a hacker actually implemented it? I bet you'd see a fix within days.

I believe that most on here will agree with this:
1. Go Public with the info in order to Push Apple into fixing the problem.
2. Only go Public if they can do it WITHOUT giving the details of exactly how they accomplish it.
 
Are you expecting a step by step tutorial on how to implement this attack?

Perhaps not a "hold your hand" guide on how to take over the world, but I can't see it taking long for a number of hackers to duplicate this exploit (I could be wrong, of course). And with full access to a phone's contacts, one hacker could quickly gain access to a number of other phones.
 
So are you all saying that Apple should take its sweet time to fix such a huge security hole?!?
You all who? Who here (except for TheSpazz) thinks Apple should take its sweet time?

My only point is that until more information about what Apple has to do to fix it is released, I don't see how anyone here can factually state that Apple's taking too long.
 
The only truth to that statement is that it's your opinion, unless you're basing it on some facts that nobody else here is aware of (in regards to the SMS issue).

I would base that 'opinion' on facts such as a Java vulnerability that was left unpatched on OSX for nearly a year, or the flaw in BIND that wasn't patched properly for nearly three months. In both cases Apple were dead last to the fixing party.

What do you base *your* opinion on?
 
The biggest problem is that like Mr. Miller stated, he notified Apple over 1 month ago with NO response.
And Forbes states that they have called Apple repeatedly with NO response.
WE, iPhone owners, most never know anything about what Apple does until AFTER it's over. Secret stuff........ the consumers don't need to know what Apple does except take our good money, and enjoy it! I know, that was sarcastic, but we DO pay a lot for these phones to not be able to get any news from Apple on something like this.
 
Now they say to turn off your phone if you get an SMS with nothing but a square box. For how long am I supposed to leave it off? Anyone know more on that?
 
Is it just me, or does the article also suggest (or state explicitly?) that this attack could be designed to show NO visible messages at all? Seems to me that someone with actual malicious intent would opt for that over a visible attack...
 
I just think it's very crappy to only give Apple a month to fix something that has been there for 2 years already. What a jerk.
On the Internet, a month is an eternity. It doesn't matter how long a bug has gone undiscovered. A month is the maximum time between Microsoft patch days, and they have still been forced to do unscheduled emergency patch releases many times.

Just this week, a bug was found in BIND, which runs most DNS servers. It was found because bad guys were already using it to crash DNS servers. ISC had a fix out immediately.

Face it, Apple is just plain irresponsible when it comes to security holes, just like Microsoft used to be before 2004. The only way to deal with an irresponsible company is to publicly announce their security holes.
 
...why would they publish this information? I'm not absolving apple of blame here, but come on. Just because you have freedom of speech doesn't mean it's not reckless to use it in a case like this.


To force Apple into fixing it, before someone else figures it out and uses it maliciously.

Seriously - Apple is properly USELESS at keeping up to date patching its software.
 
I wonder how easy it is for hackers to send a SMS message over a network and not be detected.

On every text message I've received with AT&T, it's always shown the phone number that sent it, so it's not as simple as just randomly sending a text message to every phone number in the world, hoping you get an iPhone on the other end?

If you create what I believe they call an sms gateway (say like the one here) you can give it a bogus email address, which then shows up as 'From:'.
 
It wouldn't be a problem if the guy just told Apple and shut up about it. If he was the only one that knew about the hole, then everyone would be fine.

Poor logic. There are other hackers out there. Also, companies pay BIG money for people to work for them and find their exploits. If I were this guy I'd probably keep it secret if I was on Apple salary, but if Apple has no plans of hiring him then he can do what he likes with the information to make Apple react.

How do you remove the SMS application from your iPhone anyways? I don't want it at all, I've got so many free solutions (IE, Skype, AIM, Facebook... hell, even eMail,) why would I ever want to pay for SMS when I've got unlimited data?

I never use SMS anyways... I've pushed it off to a back home screen... am I vulnerable anyways?

You can call your carrier (mine is AT&T) and ask to Opt-Out of SMS messaging. I've done that because I use all the stuff you do to avoid it and I don't want to get any. Doing this has AT&T block all SMS messages to you.
 
It wouldn't be a problem if the guy just told Apple and shut up about it. If he was the only one that knew about the hole, then everyone would be fine.

Not likely. Considering security holes in smartphones is an area of interest to hackers, you can't figure he is the only guy to have found this bug.

kingtj said:
Then you're going to push that big update out to everyone's iTunes, costing Apple a load of server bandwidth and users a big inconvenience (plus the inevitable flash updates that go wrong, causing bricked phones and support calls).
That is Apple's problem. They need to join the 1990s and start doing binary patch updates, instead of forcing full re-downloads of an entire program for every small change. Google Chrome does it, Firefox does it, Microsoft does it, anybody who uses RTPatch does it, there are open source programs that do it. APPLE, DO IT!
 
I think Apple deserves to sweat a little over this. They had ample time to fix it, they did not, thus they will pay the consequence. (Today).
 
If I have learned one thing on these forums since joining, it would be that everyone here thinks they know how to run Apple better than it's currently being run.
 
Good. As an IT professional one of my biggest headaches is dealing with users that don't keep their systems up to date. Perhaps a looming threat to their precious iPhones will get them to realize that you need to update software and devices frequently and quickly.

As an IT professional, you should know that YOU are going to be the one that has to deal with this sort of thing, one way or another.

Wishing ill will like this is just petty and if you really want my opinion, ignorant.
 
That is Apple's problem. They need to join the 1990s and start doing binary patch updates, instead of forcing full re-downloads of an entire program for every small change. Google Chrome does it, Firefox does it, Microsoft does it, anybody who uses RTPatch does it, there are open source programs that do it. APPLE, DO IT!
At one point, the dot security releases were simple 10MB downloads. When did that ever change?
 
That's exactly my point. I don't have enough information about this issue to base an opinion on if Apple is moving on it fast enough or not.

Looking at their record they're probably being pretty slow about it. The Java exploit wasn't fixed for how long? How about the BIND one?

Unfortunately, Apple really really sucks when it comes to turn around time for security updates. Until they start increasing the speed of the patches we can only assume the lackluster rate at which they release the updates is the same.

I love Apple but they really need to change the way they handle security patches and the app store approval process (not related but it is basically the only other thing I have a problem with).
 