Notice how all these Apple vulnerabilities are never really exploited? Whether for the OS X, the iPhone . . . users were never affected.

Either Apple is fast enough with a fix, or something else is going on.

Because unlike you a lot of people here don't just follow Apple with blind eyes. Security through obscurity won't last much longer for Apple. Especially the iPhone. IMHO the iPhone is going to be the next big target for hackers and exploiters.
 
Patch is now out (as most of you should know at this point). Since I find it highly unlikely that Apple just put this together over the past 24 hrs, this leads me to say:

Many of those that posted in this thread should be feeling pretty stupid right about now: Apple clearly recognized this as a problem and has been working on it all along. So all the "sky is falling" posts about how horrible Apple is and how unbelievable it is that they would ignore something as important as this security flaw...kind of seem silly in hindsight. Wonder of wonders, Apple actually was working on a fix, even though they didn't inform you personally and keep you updated.

Several pages of posts bashing Apple. All for nothing. Oops?
 
Nice try. Apple has known about this for over a month yet it took major public outcry for them to fix it (kind of like the Java exploit) whereas Google fixed it immediately.
 
Wait, so you think it is more likely that Apple knew about this for a month and blew it off? Even when they knew it would be publicly revealed at the conference? Still they did nothing though. It wasn't until it was picked up by the tech media that someone realized that this would be a problem and it became a priority. Then they developed, tested, and deployed a patch in 24hrs after the exploit was revealed publicly.

Are you crazy? That is just plain silly. It is far more likely that they realized it was a problem, devoted resources to getting it isolated, fixed, and tested. What's more, they knew the timeframe they had to work within. It is possible (likely?) they even had it fixed before the public revelation at the conference--it's good for PR to issue a fix in a timely manner (i.e. 24 hrs later). Let the media create buzz with this horrible flaw in the iPhone and then Apple comes to the rescue the following day.
 
http://news.cnet.com/8301-1009_3-10278472-83.html

You mean to tell me that the patch was deployed July 4 2009?

The CNET article was relatively public as it was easily found on their website.
 
No, obviously not. But the exploit wasn't "formally" presented to the public until the conference. So details weren't known until then--at least enough details for it to become a likely threat.

Look I'm not saying Apple is perfect by any stretch. But given the two options of:

(1) They knew about a potentially serious flaw for over a month, did nothing, and then only decided to act when the media started reporting it. Never mind that should this exploit go public without a fix, they would be completely screwed. The iPhone is their cash cow and one of the strong points of the Apple brand is that it is comparatively *safe* from malware/viruses/spyware/etc. But they ignored all that and decided to risk everything, banking on the fact that if it became an issue they could come up with a fix overnight.

-or-

(2) They were informed of a potentially serious flaw. Determined that it was real. Isolated the problem, developed a fix, and spent time testing it. Knowing the whole time that they had 4 to 6 weeks before it would be *officially* let loose in the wild.

Option (2) seems much more likely to me. I obviously can't exclude option (1) though. The fact that the patch was released within 24hrs of the exploit's "coming out" party makes me think that time and resources were spent on the problem. Would it take 1 week to fix this? 2 weeks? 4 weeks? 6 weeks? I have no clue (but neither does anyone else here not working for Apple).

If it was something that could be fixed in 24 hrs yet Apple put it off until the last minute, then I agree Apple acted stupidly. If the problem was more complex, required weeks of testing to ensure new problems weren't introduced, etc., then I'm not sure how you can fault Apple.
 
We may not know what the real story is. Perhaps Charlie Miller contacted Apple about the flaw and Apple decided that it could wait until 3.1.
Then again perhaps Apple blew off Syscan when the initial flaw, exploit was discovered and it was decided that it would be a highlight of the conference to push Apple for a fix.

Perhaps it is that Apple isn't used to dealing with such situations yet in a timely manner.
 