Apple Leaves Users Vulnerable By Not Fixing iOS and OS X Security Issues Simultaneously
Notable computer security researcher Kristin Paget, who worked on Apple's security team before leaving for Tesla in early 2014, has taken to her blog (via Ars Technica) to criticize Apple for fixing more than a dozen security flaws in iOS weeks after patching them in OS X.
iOS 7.1.1, released yesterday, patched multiple WebKit vulnerabilities that were initially fixed in OS X with the release of Safari 7.0.3 on April 1. The delay between fixes, says Paget, alerted hackers to serious flaws potentially exploitable on Apple's mobile operating system and then gave hackers ample time to exploit the vulnerabilities.
"Is this how you do business? Drop a patch for one product that quite literally lists out, in order, the security vulnerabilities in your platform, and then fail to patch those weaknesses on your other range of products for weeks afterwards? You really don't see anything wrong with this?
"Someone tell me I'm not crazy here. Apple preaches the virtues of having the same kernel (and a bunch of other operating system goop) shared between two platforms – but then only patches those platforms one at a time, leaving the entire userbase of the other platform exposed to known security vulnerabilities for weeks at a time?"
Addressing Apple, Paget goes on to write that Apple needs to sit in front of a chalkboard and write out "I will not use iOS to drop 0day on OSX, nor use OSX to drop 0day on iOS."
In addition to the WebKit vulnerabilities that were patched out of sync, Apple also recently exposed a major OS X flaw when patching the same flaw in iOS. Back in February, with the release of iOS 7.0.6, a major SSL connection verification vulnerability came to light. Known as the "goto fail" bug, it left iOS and OS X users vulnerable to man-in-the-middle attacks where hackers could pose as a trusted website to intercept communications or acquire sensitive information.
Apple launched iOS 7.0.6 on a Friday, fixing the vulnerability on iOS but leaving OS X users vulnerable to attack until the following Tuesday, when it released OS X 10.9.2 to patch the security flaw.