But only if you use iCloud Keychain (which I do not). For a networking device, the iPhone is missing some key settings like this one. You can also not specify a preferred network if multiple known networks are available. It is actually really annoying.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
New Version of 'January 1, 1970 Bug' Can Brick Pre-iOS 9.3.1 Devices Over Compromised Wi-Fi Networks
- Thread starter MacRumors
- Start date
- Sort by reaction score
But only if you use iCloud Keychain (which I do not). For a networking device, the iPhone is missing some key settings like this one. You can also not specify a preferred network if multiple known networks are available. It is actually really annoying.
Yeah, I do use iCloud Keychain. I'm not sure if it carries across the network priorities from that. I'd rather have them separate to be honest as some networks are more preferred for some of my devices...
I've posted this (complete lack of a basic function) as a bug on every release version and beta version since iOS 6...
Every flavor of OS has bugs and obscure flaws waiting to be found. Just because another flaw was found, that doesn't mean that Apple's focus on security is a joke.
Agreed. As another person noted, this only alerts malicious people to a new toy to play with.
No... Just those that are still on 9.3. The 9.3.1 update is not vulnerable to this.So now we need an update to the update to the update to the update
The earliest you can set it now is 2000, but what's even the point of that?
It's not that hard to think: "oh maybe we should double check the input on that setting before we use it".
That was covered in a high school programming class I took... decades ago.
I routinely get the feeling I'm using a device that was programmed by nit wits sometimes.
Yes! This!!!
If your using iCloud and have a OS X device as well, can delete SSID associations in network settings and they get removed from the iPhone. But pretty clumsy... Maybe they are trying to sell MacBooks?
Remember when people insisted 9.3.1 only fixed the weblink bug?
This is old news. As soon as the 1970 bug was discovered, people on Reddit were talking about how you could use NTP to brick iPhones. And people here were defending Apple because "nobody is stupid enough to set their date to 1/1/1970"...
I guess I'll update to 9.3.1 now. I thought this was fixed in 9.3.
I guess I'll update to 9.3.1 now. I thought this was fixed in 9.3.
Very tiny nitpick: In some situations, the clock will indeed be set backwards with ntp, but it's an unusual circumstance and the change should be quite small.
However, ntp's defaults (last I knew) forbid any clock correction exceeding 1000 seconds, so this kind of massive, 40-year correction should not be possible under any circumstances. Either Apple wrote their own time sync client (why?) or changed this default in their implementation of ntp. (Again, why?)
Incorrect device clocks have major security implications for any network, so even without this bricking bug, Apple should be paying closer attention to this. Time sync should never be an afterthought.
Apple iOS, it just works... oh wait
Apple already fixed the issue in iOS 9.3.1.So now we need an update to the update to the update to the update
Yeah... People on StackOverflow are saying that NTP is usually used in the unsecured form. I don't know why. NTP security is complicated since normal security mechanisms rely on the current date/time to verify certificates, and of course, you can't do that in this case
. That made me think: Besides this bug, spoofed NTP servers could trick clients into validating expired certificates, right? Isn't this something everyone should be worried about?
Apple iOS, it just works... oh wait
When Tim says it works, you better believe it!