Yes but the thing is with iOS devices, we don't have access to control all the wifi networks. Only when you are connected can you delete it. If you joined Starbucks last week at one location. And someone created a fake Wifi and named it Starbucks somewhere else..... Once your phone is in range it will join it. Even if you are not using your device.

That is not good. Apple needs to give us access to view and delete all the networks we connect to.

Exactly. This is partially Apple's fault for not allowing more flexibility in remembering or forgetting wi-fi networks.

There are a lot of commonly used names for public wi-fi that if ever joined in the past will automatically join again without your knowledge, unless you select "Ask To Join Networks" which is inconvenient and annoying for your home networks on your phone.

Please, Apple, let us see and delete remembered wi-fi networks individually without having to "reset" which forgets all wi-fi networks.
 
Nothing Apple (or any other company) claims to do to supposedly fix backdoor vulnerability exploits - can be trusted to be genuine. Issues like "Rootpipe" are simply smoke and mirrors to the real threat to consumer privacy.

The US Government and the existing backdoor mechanism by which Apple and other companies are strong-armed into opening their OS to the NSA or other government organizations is the greater breach in public trust that no one but Snowden seems to care about.
 
"I was tempted to walk into the Apple store this [afternoon] and try it on the display models"

In other words, "As a government employee, I was tempted to commit a crime and vandalize the property at a company's retail store"
 
1. Go to any public place (restaurant, train station, airport, ...)
2. Set up your own Wi-Fi hotspot, no password set
3. Don't call it EvilNetwork, but rather...
4. "Free WiFi"

Be surprised how many people will willfully connect to that "fake" Wi-Fi hotspot...

Rule of thumb: if you don't know the network, or need a password, then don't use it.
 
Thank you for bringing the rootpipe issue to the front page. More people need to be aware of it so Apple in their best interest will take action to patch it.

You're quite correct.

However I'd feel better if Apple had a track record of being more proactive, without outside alerts or pressure.

I'm not saying they aren't, they might be doing their due diligence behind the scenes, which is very probable. Yet there have been plenty of times they've not moved very quickly in response to significant issues, not just security.

Make no mistake, I acknowledge and appreciate all Apple does do properly which is a tremendous amount. It's just in the area of security and a few other areas that they could easily improve.

In turn that would really drive up their reputation amongst those of us working in the technical side of the industry.
 
Just exactly how big of an issue is this really? Should I delete "Movies" by Flixster from devices, for instance?

If this app is on the vulnerable list, then a hacker could intercept communication between you and the sites that the app communicates with. If your bank's online banking app was vulnerable, that would be a big problem. If "Movies" is vulnerable, then you should assume that any username or password, any credit card number you enter, in _that_ app, can be read.
 
Exactly. This is partially Apple's fault for not allowing more flexibility in remembering or forgetting wi-fi networks.

There are a lot of commonly used names for public wi-fi that if ever joined in the past will automatically join again without your knowledge, unless you select "Ask To Join Networks" which is inconvenient and annoying for your home networks on your phone.

Please, Apple, let us see and delete remembered wi-fi networks individually without having to "reset" which forgets all wi-fi networks.

You can open "Network" in OS X "System Preferences", click on "Wi-Fi" then "Advanced". The first tab (WiFi) will list all networks you have previously connected to on your devices and Macs linked to your iCloud account.

I check weekly and delete sites I do not want. Apple should implement this into iOS, offer users a list of WiFi networks and remove those you do not want.
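
A command-line counterpart to the System Preferences check described above, added here as an example and not part of any poster's message. It filters the output of OS X's `networksetup -listpreferredwirelessnetworks` for remembered networks whose names match public SSIDs mentioned in this thread; the `KNOWN_PUBLIC` list, the function name and the `en0` device name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. KNOWN_PUBLIC is an assumed watch list
# built from SSIDs named in the discussion; extend it for your own use.
KNOWN_PUBLIC='attwifi
Starbucks
Free WiFi'

# flag_public_ssids (hypothetical helper): reads the output of
#   networksetup -listpreferredwirelessnetworks <device>
# on stdin and prints every remembered SSID that matches an entry in
# KNOWN_PUBLIC exactly, ignoring case.
flag_public_ssids() {
    # Drop the "Preferred networks on enX:" header and the leading indent.
    sed -e '/^Preferred networks on /d' -e 's/^[[:space:]]*//' |
    while IFS= read -r ssid; do
        [ -n "$ssid" ] || continue
        # -F fixed string, -x whole line, -i case-insensitive, -q quiet
        if printf '%s\n' "$KNOWN_PUBLIC" | grep -qixF -- "$ssid"; then
            printf '%s\n' "$ssid"
        fi
    done
}

# Constructed sample of the command's output (header line, then one
# tab-indented SSID per line), so the filter can be tried off a Mac.
sample_listing() {
    printf 'Preferred networks on en0:\n\tHomeNet-5G\n\tattwifi\n\tOffice\n\tstarbucks\n'
}

sample_listing | flag_public_ssids

# On a Mac, assuming the Wi-Fi device is en0:
#   networksetup -listpreferredwirelessnetworks en0 | flag_public_ssids
# Forget one flagged network:
#   networksetup -removepreferredwirelessnetwork en0 "attwifi"
```

Name matching only shows which remembered networks share a commonly reused SSID; it does not tell you whether a given entry was saved as an open network.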
 

Interesting. Since 2010, Apple vulnerabilities have gone up while MS is still all over the place. Wonder if there is a positive correlation between the iPad launch/increased iOS popularity and vulnerabilities. Difficult to determine what specific company platforms are most vulnerable, yet the 2010 spike with Apple almost assuredly points to iOS.
 
Apparently it is the OPEN CODE ... that Developers of the 1500 apps out there that make them vulnerable ... like your Verizon app ... or your Chase app ... etc.

Best LOCK .. is to KEEP YOUR WI-FI TURNED OFF.

Once wi-fi is on and the app is on ... then the door is open to be hacked.

that seems to be what the problem is .. and what the 'right now' fix is.

Apple Apps apparently are not vulnerable as they were cooked up in house.

Still .. keep the wi-fi off unless you need it ... and then keep personal conversation such as your birthday .. out of it.

Like in your Health app ... I hate that thing and want it gone.

But there is no delete for it.

Alan

:apple::apple::apple:

If my house has a crappy lock on it does the insurance company say the house is insecure? I believe they do.
Apple have blocked insecurities in the past when they want to, (think Flash), so they slipped up here?
 
Yes but the thing is with iOS devices, we don't have access to control all the wifi networks. Only when you are connected can you delete it. If you joined Starbucks last week at one location. And someone created a fake Wifi and named it Starbucks somewhere else..... Once your phone is in range it will join it. Even if you are not using your device.

That is not good. Apple needs to give us access to view and delete all the networks we connect to.

I had to go and check this out. You are totally correct. Never even thought about this scenario. We need to ask Apple to fix this. Should be simple enough to give us access to the list of wifis that we have and the ability to "forget" them.
 
Everybody keeps repeating that the rootpipe hack is only a local privilege escalation bug, but if one studies the code that was released, it's pretty obvious that the only thing needed is the code to be executed and then all bets are off.

Considering the obscene amount of bugs found in Flash and Java, I don't think the odds are too high on someone finding a hole in flash that makes it possible to execute the code while at the same time generating money by advertising some online casino.
Since there's no password needed to run the code, and that after the code is run, anything can (and will) be done with the computer.

So, let's say they find a tiny hole in flash that makes it possible to run some code as the logged in user. It's bad, but not mentally bad since any code trying to do evil system stuff will require admin access and will call up the password dialogue. If the hacker on the other hand runs the rootpipe code, no password dialogue, no nothing, and the next command the hacker will issue probably gives him or her complete access to your computer.

So, Apple is trying to wave this thing off as "not so bad", but actually it's so bad I get the shivers. Luckily I never install flash on my computers since it's a germ ridden piece of excrement, but I need Java at work...
 
Rootpipe is a local escalation of privileges exploit. If you have "guest user" disabled, and you're the only one with login credentials on your Mac, you're okay.

The bad news is - the guest user account login is enabled by default. :D TURN IT OFF.

The key here is using this with a remote code execution exploit. As an example, there are already ways to exploit this remotely with metasploit and @OSXReverser has published work on how to install root kits in conjunction with the exploit.
 
We can't tell from this (very flawed) article whether the exploits patched for OS X are unique or duplicated across OS X versions.

That's the conclusion I came to as well, I wanted to make certain I was following the "logic" as it didn't make sense. Thanks!

Something that I cannot test, as I am running the latest OS X release, is does Apple go back and patch the vulnerabilities in the old OS X releases? We know Microsoft does, so that is probably part of the reason why they show each version.

I kinda wish Apple would go back to 18-24 month OS cycle for desktop. Working in a DoD environment it is sad to see that the 10.10 STIG is still draft. Shoot the 10.9 STIG was released in Feb of this year.
 
Apple. If you're going to take the security of our devices out of our hands, you'd best do a good job of keeping on top of it yourself. Stuff like this is unacceptable.
 
Pretty silly that Apple can't just bundle this detection into their App Store approvals process. They could also issue massive warnings to app makers and give a deadline to fix or their apps get removed.

They should automatically already have removed them in order to give the developer an incentive to fix it immediately.
 
does Apple go back and patch the vulnerabilities in the old OS X releases?
Only what's in the security notices, and as of now, only the current OS and previous 2, so 10.10, 10.9.5, and 10.8.5. Only 10.10 got any sort of fix for Rootpipe, as incomplete as it may be.
 
What's behind Apple's decision only to patch the rootpipe vulnerability in Yosemite and not earlier versions of OSX, which half of Mac users are still using? Maybe the problem is so complex that they need all their effort to patch Yosemite and will then patch earlier versions, but they give no indication of this. Please throw your devoted users a bone, who may have legitimate reasons not to install Yosemite. Please patch rootpipe in earlier versions of OSX! :mad:
 
stop trying to pump out new iOS / OS X... fix the issues Apple.

iOS 8.3 and 3rd party keyboards still having issues.
 
What's behind Apple's decision only to patch the rootpipe vulnerability in Yosemite and not earlier versions of OSX, which half of Mac users are still using? Maybe the problem is so complex that they need all their effort to patch Yosemite and will then patch earlier versions, but they give no indication of this. Please throw your devoted users a bone, who may have legitimate reasons not to install Yosemite. Please patch rootpipe in earlier versions of OSX! :mad:

"Upgrade"..... and "if you can't, buy new hardware"

that's all it is. There is no excuse for a 2 year old version of your operating system to not receive critical updates other than forced obsolescence.

one significant issue with OS X is Apple doesn't make any formal declarations on long term support of their operating systems. They can easily just say "nope" and move on to the next one and those users who are stuck for whatever reason have really little they can do but either buy new hardware or go to Microsoft / Linux to receive further support.
 
Yes but the thing is with iOS devices, we don't have access to control all the wifi networks. Only when you are connected can you delete it. If you joined Starbucks last week at one location. And someone created a fake Wifi and named it Starbucks somewhere else..... Once your phone is in range it will join it. Even if you are not using your device.

That is not good. Apple needs to give us access to view and delete all the networks we connect to.

Exactly! Aren't all AT&T iPhones automatically set to trust the free AT&T Wi-Fi networks in Starbucks?
Broadly speaking, any app that uses SSL certificates - which is almost all of them - can be fed a dummy certificate that causes it to crash. If, however, you can feed that same dodgy data into the operating system itself, then the hardware will be thrown into a perpetual loop of failed restarts. That can be easily achieved if you can set up a WiFi network to behave like one of the trusted setups that iOS automatically tries to connect to. So, as Gizmodo says, all it takes is for someone to build a nefarious network, name it "attwifi" and they've got a honeytrap.

http://www.engadget.com/2015/04/22/ios-ssl-flaw-skycure/?ncid=rss_truncated

----------

I had to go and check this out. You are totally correct. Never even thought about this scenario. We need to ask Apple to fix this. Should be simple enough to give us access to the list of wifis that we have and the ability to "forget" them.

It even gets worse. The nefarious wifi can be spoofed to look like a trusted wifi and boot loop any iOS device.

http://www.engadget.com/2015/04/22/ios-ssl-flaw-skycure/?ncid=rss_truncated
 