I happen to have experience in the area - computer engineering and computer science degree undergrad and grad computer science at a UC school and now a lot of years experience. I have never said any platform is without problems or vulnerabilities, it is easy to attack a straw man but serves no purpose.

See my reply above, but you are right about writing code for an impatient world. Apple needs to slow down. Have proper engineering, proper design, proper coding and proper testing. If this means 18-24 month updates, so be it. If features take longer, that's fine too. Constructive criticism is good and should be allowed for debate, not grounds for attack. In both my personal and professional opinion, I think Apple's software is head and shoulders above others. Things like ADP being critical in that regard. Their commitment to privacy is great, even if not perfect. ADP went a long way to showing they are willing to ignore statists who don't believe in privacy being a human right.

I've been using Apple since the Apple ][, 128k Mac, through today so perhaps you are projecting about not liking Apple. I would prefer Apple to improve and state valid areas where it needs to, not play ostrich when they clearly have some problems in the engineering and development area.

Ignoring a problem or wishing it away won't stop it from happening again. When you have more than a billion devices that are active bugs that are being actively exploited the consequences can be immense. Particularly so for people who are in professions that particularly rely on security. Particularly so for sources whose lives could be at stake.

I can't speak for others, but that's why I point out poor engineering or design, probably caused by the deadlines imposed on the engineering teams.

As some say: you can have it fast or good, but you can only pick one. Apple needs to stop imposing artificial deadlines and ship it when it is ready.
Perhaps it is how you initially phrased things that leads to the replies you’ve been getting. The problem is that the world wants more faster and convenient and is willing to sacrifice quality to get there. Companies follow the world. The world needs to be more patient and value quality.
 
[....]
As some say: you can have it fast or good, but you can only pick one. Apple needs to stop imposing artificial deadlines and ship it when it is ready.
There's a couple of aphorisms:
- Perfect is the enemy of good and,
- You can have it fast, right or under budget...pick two out of three.

I'd be very surprised if Apple changes its cadence. I suppose it could, but a yearly September release is what people now expect. No company gets it right, even those with decades in the software business: KB3206632 for example. And Windows has vulnerability patches galore through the years.
 


With almost every iOS and macOS update, Apple includes a host of security improvements to address major vulnerabilities. iOS 16.3 and macOS Ventura 13.2, released back in January, were no exception. Both updates included fixes for a long list of issues, including two that were highlighted today in a report from Trellix.

Trellix Advanced Research Center discovered a new class of privilege execution bugs within iOS and macOS, which could be exploited to delve into an iPhone or Mac user's messages, location data, photos, call history, and more.

In a blog post highlighting how the bug was found, Trellix explains how mitigations that Apple introduced for the FORCEDENTRY zero-click exploit in September 2021 could be bypassed, allowing for a "huge range of potential vulnerabilities."

Trellix found its first vulnerability in the coreduetd process, which could be used to give an attacker access to a person's calendar, address book, and photos. Vulnerabilities in OSLogService and NSPredicate were able to be exploited to achieve code execution within Springboard, providing attackers access to the camera, microphone, call history, and more.

Data about these vulnerabilities was relayed to Apple, and the company fixed the exploits in iOS 16.3 and macOS 13.2 Ventura. Security support documents for both updates were refreshed yesterday to reflect the addition of the patches.

Trellix is credited with two vulnerabilities (CVE-2023-23530 and CVE-2023-23531) that Apple patched with improved memory handling. Trellix said that it thanks Apple for working quickly to fix the issues.

Article Link: Security Researchers Delve Into Major Vulnerability Patched in iOS 16.3 and macOS 13.2
LOL "security improvements to address major vulnerabilities" call it what it is, they are bug fixes not "improvements".


Also reading the comments as my CompSci teacher said... Any program that has more than a thousand lines of code has bugs in it. Software especially operating system with a crapload of bundle apps is full of bugs period. Large applications the same thing thousands of bugs. That is why companies when they put out bug fixes they don't put the number of fixes they made because it would scare the hell out of you. Anyone who worked in development and especially in QA knows there is just no way to fully test these constantly growing programs. Apple has it easy being their software only has to run on a small group of computer models. You get into the Windows and Unix world the test matrixes are gigantic with the possible number of combinations of brands and models and third party add ons. Software is just too big and complex so the customers are beta testers whether they like it or not.
 
features, features, features = bugs, bugs, bugs.

Apple should finally stop releasing major OS updates every year! At least Apple should introduce a tick-tock release scheme. New features one year, stability next year. So users can update every second year and stay away from Apple's bug hell.
 
apple stans in panic mode after realizing the walled garden is useless

Show me an Apple user who thinks the "walled garden" prevents software vulnerabilities. That's never been the argument.

The benefit is Apple's ability to rapidly deploy fixes across their entire platform and product lines within a matter of days, if not hours. No other company can do that. Plenty of Apple users recognize this. Nobody is in panic mode.

Your whole position is based on a straw man argument.
 
Decision-making like that is what led to NeXT being on a downhill trajectory, but served as a valuable lesson for him as he came back to Apple.
Interesting revisionist version of what actually happened. NeXT became Apple. Every product Apple has now is based on what came from NeXT. Steve Jobs' perfectionism created what we all enjoy today. I am glad he paid attention to the details. It would be helpful if Apple still had that philosophy ingrained into their culture today.

Every operating system that we all will use in the future will also have vulnerabilities. Software is too complex for this not to happen. The important thing is the speed at which the producers of that OS can react and fix vulnerabilities once they’ve been found. I think, in this instance, Apple did a decent job.
Precisely why we need to regulate the software industry. We do not like it when a bridge falls down and causes damage, injury and death. Why are we standing around like a deer in the headlights with AI barrelling down road at us and ignoring this public interest matter? Many of the critical pieces of software we use daily should have mandated checks and balances to ensure that developers are qualified to be doing their job, developers have an ethical charter to which they are mandated to follow, and profit does not countermand safety.
 
Interesting revisionist version of what actually happened. NeXT became Apple. Every product Apple has now is based on what came from NeXT. Steve Jobs' perfectionism created what we all enjoy today. I am glad he paid attention to the details. It would be helpful if Apple still had that philosophy ingrained into their culture today.
Not revisionist in the least. NeXT was a failing business. Though its influence would have continued to be felt for years, they lost in the market. Had Apple not bought it out, it would have been gone in a few years.

That's all I was getting at. The ideas at NeXT and the people at NeXT clearly got a second life at Apple, where the lessons they had learned and hard knocks they had taken were able to be put to good use in revitalizing Apple. Which is to say, I agree with you that NeXT effectively became Apple, but it's also true that Steve Jobs learned how to temper his demands by the time he got back to Apple. An attention to detail is not the same as sinking the business with bad decisions, which is what he was doing at NeXT. He learned those lessons and did better at Apple 2.0.
 
Precisely why we need to regulate the software industry. We do not like it when a bridge falls down and causes damage, injury and death. Why are we standing around like a deer in the headlights with AI barrelling down road at us and ignoring this public interest matter? Many of the critical pieces of software we use daily should have mandated checks and balances to ensure that developers are qualified to be doing their job, developers have an ethical charter to which they are mandated to follow, and profit does not countermand safety.
This thread has some really interesting takes on software engineering, gonna bookmark it to recommend to some teachers.

Great idea to regulate the entire industry because of some unavoidable bugs.

Following your idea, I would suggest that by the power of our governments, we freeze all OS development until a complete audit of all code has been done. Every developer has to show what their code is doing and report to Elon Musk personally for a code review session. After we're done with this in about 2070, we declare the audited OSs bug-free and put the death penalty on any detrimental code changes.

Sorry, gotta go, more ideas later.
 
Following your idea, I would suggest that by the power of our governments, we freeze all OS development until a complete audit of all code has been done.
I believe I said developers should be competent, they should act ethically and put public safety before profit.
 
I believe I said developers should be competent, they should act ethically and put public safety before profit.
And then you went on about "mandated checks and balances". Good luck checking software for all eventualities. Who's going to check that? Even more competent developers? Politicians?

To think you can have "mandated checks and balances" on all important pieces of software without stifling development is naive at best.

Why don't you bring that up on a forum with more experts on it than this one and see how that is received? We're getting dangerously far away from the original thread subject.
 
And then you went on about "mandated checks and balances".
Apologies if my statement was not clear. Mandated checks and balances refers to ensuring we have competent developers, ethical behaviour and a public safety priority when we are talking about critical infrastructure.
 
I'm on MacOS Big Sur 11.7.3. Does that mean my computer is vulnerable?
Maybe. Apple doesn't say whether or not the older OSes are vulnerable, and they won't necessarily provide patches even if it is, even when the OS is getting some other security updates.
 