First of all, someone would have to install a suspicious certificate to begin with. Then, that person would have to install the associated suspicious app from an email or Safari. This doesn't seem like a big issue.
Well, as explained in a few posts already, at least in iOS 8, the certificate/profile can be imbedded in the installation and basically be transparent in its installation and even for just being on the device. So, while this is still not a common thing and likely won't be, it's still simpler than that. And while not a big issue as far as how many might be affected, it's still a security issue and kind of a bad one in the sense of what it allows to do (no matter how unlikely it might be).First of all, someone would have to install a suspicious certificate to begin with. Then, that person would have to install the associated suspicious app from an email or Safari. This doesn't seem like a big issue.
This doesn't have much to do with any of that (even if that's one example of it).Who would sign up for a Chinese app store?
Stop apologizing for Apple. This is exactly how these situations come about in the first place: Too many people excusing Apple for problems with their software instead of pressing them to fix the problems.
The government has warned about Internet Exlorer and various other exploits and security issues before as well. Nothing new or surprising here. No one is crucifying anyone here (aside from some fringe that can go overboard on anything really), but it's information that is being made public so that people would know and so that a prompt fix would be that much more likely.All I can say is, I'm glad I don't have to deal with the public at this level! I deal with enough uptight people in my business, over the most minor issues.I wonder how they deal with everyday speed bumps!
Sounds like a legit concern, I'm just not sure Apple should be crucified over it? Do you really think this is Apple being malicious?
The Gov. jumping in, really? With what we have going on in our country, and across the pond?![]()
What about all the major security breaches of late, Walmart, Home Depot(twice now)and Target come to mind!
I would much rather see them (Gov.) doing something more productive! Are we really worried, this is a conspiracy to steel info from a small group of business?
I'm not at all saying Apple should ignore this, I'm sure their working on a fix!![]()
How can you explain this to a 45+ years old Man or Woman?
I've done iOS development and know that this requires a provisioning profile (separate from the app certificate) onto the device in order to install the app. This provisioning profile install requires user input, e.g. tap "Install" when prompted.
don't they have more important things to do ?
It can be part of the app install itself and not even show up in any visible way on the device itself.Does this provisioning profile get automatically downloaded with the false app, prompting the user to install it, or does the user have to install it separately (through Xcode or something)?
Ummnnn.... Sixty-plus year-old men and women designed and built the Internet you are using. Next you will claiming that you invented sex.
A.
The thing is, those people aren't necessarily good with modern technology
Ummnnn.... Sixty-plus year-old men and women designed and built the Internet you are using. Next you will claiming that you invented sex.
A.
Who wants to read multiple pages of boring legalese? We should thank lawyers.
Having the US government comment on the security of an Apple product negates the idea that Apple products are infallible. And apparently that upsets some people.
And they aren't necessarily NOT good with modern technology. To assume otherwise is asinine.
A.
(who apologizes for the double negative, but it fit)
Stop apologizing for Apple. This is exactly how these situations come about in the first place: Too many people excusing Apple for problems with their software instead of pressing them to fix the problems.
Just like common sense escapes most of the under 45 crowd, along with good manners and character.The are less likely to be familiar with technology they didn't grow up with.
Why would anyone download an iOS app from a third-party website, especially from a link you receive via SMS? I'm smart enough to know to only install and update apps through iTunes/the App Store.
Seems like a few things are being overlooked.I'm not apologizing for Apple! In order to install ANY app signed by an iOS Enterprise Certificate, you must:
- Download, accept, and install said certificate. (Funny how both article and video don't mention this)
- Actually download and install signed app.
- Use installed app.
This isn't a security flaw! This is exactly how the Enterprise program works. This is blown out of proportion and apps / certificates cannot just install themselves.
Thanks for crapping on someone who actually knows how both developer programs work.
The are less likely to be familiar with technology they didn't grow up with.
To be fair, a large part of the Windows/Android user base will click ACCEPT to anything that pops up too.Sadly a large part of the iPhone user base will click ACCEPT to anything that pops up, without even reading it. It's what America has become... we don't read, then we complain we've been scammed.