Ubuntu i.e. Canonical are now only offering LTS and Developer versions. They NO longer encourage 6-8 month distros. Linux developers are getting away from that strategy. Currently OpenSUSE.org offers two version, LTS and their 6-8 month distros. Even Linux Mint has gone to LTS and even allows for smooth upgrades.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
PSA: Safari Security Flaw 'Actively Exploited,' Update Your Apple Devices Now
- Thread starter MacRumors
- Start date
- Sort by reaction score
Yes.
I should note that large amounts of macOS is actually open source. Check out their github account here - look for repositories that mention Darwin:
And WebKit is also open source. Here's the repo on github for that:
GitHub - WebKit/WebKit: Home of the WebKit project, the browser engine used by Safari, Mail, App Store and many other applications on macOS, iOS and Linux.
Home of the WebKit project, the browser engine used by Safari, Mail, App Store and many other applications on macOS, iOS and Linux. - WebKit/WebKit
github.com
Presumably if you look through the WebKit repo it's possible to find the change that patches the zero day that this MR article is about.
Edit: Actually, I found it. Apple's release notes included the bug number on Bugzilla, and Bugzilla links to this PR on Github:
[JSC] Make JSMap and JSSet construction more simple and efficient by Constellation · Pull Request #3023 · WebKit/WebKit
1ed1e4a [JSC] Make JSMap and JSSet construction more simple and efficient https://bugs.webkit.org/show_bug.cgi?id=243557 rdar://98068082 Reviewed by Mark Lam and Saam Barati. This patch makes the...
github.com
I'm not able to tell where the vulnerability was, how to exploit it, or how it was fixed just by glancing at this.
I am disappointed that this was apparently fixed 15 days ago but Apple took all this time to actually distribute the fix to us.
Anyways... just having the code be open source isn't enough for us to be able to repair what Apple won't. Apple needs to also provide whatever else we need to be able to compile this fix for, say, iOS 9 so that I can install it on an old iPod Touch that I let my kids use.
Last edited:
They'll all have the same vulnerabilty, all browsers on iOS use the same Safari based browser package.
More reason for Apple to compartmentalize iOS more. Why should Safari patches be locked in with the OS update? This is where Apple should take example from Android, where the web view and browser can be updated independently from the OS. As such, older devices that won’t receive further OS updates can still get the latest patches for the browser.
Yeah, that's his silliest material. Smith isn't in the same league as luminaries like De Niro, Day-Lewis, or Hoffman, but his performances in Pursuit of Happyness and Ali (both of which garnered him Academy Award and Golden Globe Best Actor nominations) showed he certainly knows his craft.
You want an example of a true bad actor? Here you go:
I've been into computers for a long time and I've seen (and still own) lots of obsolete hardware and software. (Want a Tandy TRS-80 Model 100 "laptop"?
I agree that parts and aids to repair of iphones should be required to be available but I think you'll admit that probably 1 or 2% of owners are qualified to do it. It's more practical to trade in when a device becomes impractical.
I don't see Apple source code or other intellectual property being made open source. Too many active secrets buried in the code.
Uh, ok. What I hate to use is safari the browser, and this security fix will not address issues I encountered when using safari for sure. As for other uses of safari, um, idk. I don’t use Apple Music. I do use mail a lot. Judging by the article this “kernel” is very deep it seems. I’ll have to think about it.
And expect huge backlash and confusion from people saying their browsers won’t work anymore, jobs can’t be done. Entertainment impossible. And so on.
We’ve been through 2 years of disruption for covid. You should be able to imagine the backlash if safari browser is disabled. Not to mention, there are no alternative rendering engine on iOS.
As for the cost, you can’t persuade those people who needing that specific function from those devices to go for bleeding edge “for the security”. Cost is and will always be a major factor when implementing something, sometimes a literal dealbreaker.
True, but Apple obsoletes hardware much more quickly than Microsoft. Windows 10 can support machines as early as 2004, and will do so until October 14, 2025. Monterey doesn't support most Apple computers before 2015. When you are charging top dollar for the devices you're selling, the customer has a reasonable expectation that they will be supported longer than a typical cheap Windows machine.
Worse, Apple never actually provide support timeline for any of their products. Meanwhile, Microsoft has clear timeline of support for their OSes. You wouldn't know the exact support duration of the Mac or iphone you buy right now.
And you can never know when Apple would pull shenanigans like iOS 14 and 15, where Apple promised iOS 14 support alongside 15, but then simply lied and didn't so it at all.
Even Android is supported longer, at least from an app standpoint. For example I have a phone from 2016 (Android 6.0) and a large majority of apps are still updatable on it even if the OS isn’t including important ones like Chrome which is going to be the access point for a lot of malware. With Safari still coupled to iOS once that device can’t reach the latest iOS your going to be vulnerable.
Or - Fox, CNN, et al are blowing it out of proportion. There’s an update, install it, problem solved.
Except on iOS, essentially, all browsers are Safari because Apple requires third-party browsers to use WebKit.
So yes, if you use Firefox on your iPhone, you're susceptible to a Safari bug, and the only available fix is updating the entire operating system.
Since it relates to WebKit and no other engines are allowed it shouldn’t matter which browser you use on iOS. On Mac it would help though.
I’m considering ditching Safari too,it has become more and more sluggish and now days never as reliable as other browsers.
The only issue making me not switch is the passwords and keychains.
It shouldn’t be.
We’re talking about hundreds of thousands perfectly functional devices 5-6 years old that people use.
It’s very irresponsible to just abandon them and expect everyone to use the latest model.
Did me a favour tbh , my iMac was on Mojave and having various finder issues but worried about all the upgrade horror stories I’ve read … , upgraded to Monterey and now it’s like a rocket , seriously impressed. Having an ssd when I bought the Mac has really paid off by the look of it
Not quite so impressed with the flat UI , it’s very .. what’s the word ? Bland … I thought big sur onwards was supposed to be colourful ?
Not quite so impressed with the flat UI , it’s very .. what’s the word ? Bland … I thought big sur onwards was supposed to be colourful ?
It's always the customer who gets the last say by voting with their wallet and right now those customer are saying they are willing to put up with Apple's timeline to obsolete their devices. Apple will only react when sales fall off the table. As more and more people keep buying their computers, extending the life of those Macs is not high on Apple's to do list. That is why I decided to breathe new air into the life of my 2012 Mini buying installing Ubuntu which extends the usefulness of Mini for the foreseeable future.
I get that we're talking about millions of abandoned devices but they don't have to go into a landfill. And it's not like they are bricking the things. I have a friend who insists on holding on to her iPhone 4 because it runs one app that she needs.
Late 2015 , 32 Gb ram , 1tb ssd , 4 gb video , quad core 4ghz i7
I was contemplating upgrading but now I think I’ll keep this for the next few years
I was contemplating upgrading but now I think I’ll keep this for the next few years