Apple fails to plug all the security holes
Interpolating what is a very confused set of statements, it appears that Apple has plugged their security holes in iOS4 but not elsewhere, leaving some of their hardware open to highly publicized exploits.
The security problems that Apple fixed in their latest patch release were those exploited by the hacker “Comex” on the Web site he uses to jailbreak Apple mobile devices and one which left a vulnerability when opening a PDF file on mobile Safari. It appears that Apple patched the holes in iOS4 devices, which is all that was covered by their latest update, but left the holes open on the many iPhones that have not been (or could not be) upgraded to 1OS4, plus the iPad, for which iOS4 has not yet been released. There even seems to be a risk for Apple’s OS X operating system.
People that have used Comex’s site to jailbreak their devices would lose the abilities gained by that move if they apply Apple’s security update. According to noted security analyst Graham Cluey, quoted in a BBC article, “It remains to be seen, of course, how many iPhone and iPad users decide to install this security patch. Some may be delighting in their newly-jailbroken gadget.” Cluey was very clear that not applying the security patch is very risky and that users who skip the update will be making a “foolish move.”
The security holes are very wide and can be exploited by just visiting a hostile Web site or clicking on a link in an email or text message. The patch is optional, and some users may not apply it to their iPhones, leaving them vulnerable to yielding control of their devices to a hacker, especially now that Comex has made the malicious code widely available. Apple and security experts are strongly advising that users upgrade, though iTunes is not forcing the issue. When you sync your iPhone 4, it continues to tell you that your operating system is up to date and does not even suggest that you apply the security update. You would think Apple would manage to at least have iTunes say the update is available.
Add that Apple oversight to the fact that millions of iPhones and every iPad ever sold is still open to these widely distributed exploits and you have a huge problem for owners. Apple’s response for these latter groups is quite slow and approaches negligence when the lack of a fix for the wildly popular iPad is considered.
Related Posts:
August 13th, 2010
I trust apple. “Users who have jailbroken their devices, hacking them in a legal but warranty-busting move to run unauthorized apps, will lose access to the unauthorized content.” I’ve mean to install iOS 4 on my 3GS to get multitasking with it. But now I’m thinking about it…I just want to enjoy it security. I prefer use third party software like video converter and dvd ripper on my mac for my iphone 3GS, know as ifunia, to installing apps directly in it.
August 14th, 2010
This article is totally incorrect.
There is an update for both iPad and iPhone.
iTunes comes up and advises you to upgrade with a click or you have to specifically skip. But the next time you connect it asks you to upgrade again.