Apple Leaves Users Vulnerable By Not Fixing iOS and OS X Security Issues Simultaneously
Notable computer security researcher Kristin Paget, who worked on Apple's security team before leaving for Tesla in early 2014, has taken to her blog (via Ars Technica) to criticize Apple for fixing more than a dozen security flaws in iOS weeks after patching them in OS X.

iOS 7.1.1, released yesterday, patched multiple WebKit vulnerabilities that were initially fixed in OS X with the release of Safari 7.0.3 on April 1. The delay between fixes, says Paget, alerted hackers to serious flaws potentially exploitable on Apple's mobile operating system and then gave hackers ample time to exploit the vulnerabilities.
"Is this how you do business? Drop a patch for one product that quite literally lists out, in order, the security vulnerabilities in your platform, and then fail to patch those weaknesses on your other range of products for weeks afterwards? You really don't see anything wrong with this?
"Someone tell me I'm not crazy here. Apple preaches the virtues of having the same kernel (and a bunch of other operating system goop) shared between two platforms – but then only patches those platforms one at a time, leaving the entire userbase of the other platform exposed to known security vulnerabilities for weeks at a time?"
Addressing Apple, Paget goes on to write that Apple needs to sit in front of a chalkboard and write out "I will not use iOS to drop 0day on OSX, nor use OSX to drop 0day on iOS."
In addition to the WebKit vulnerabilities that were patched out of sync, Apple also recently exposed a major OS X flaw when patching the same flaw in iOS. Back in February, with the release of iOS 7.0.6, a major SSL connection verification vulnerability came to light. Known as the "goto fail" bug, it left iOS and OS X users vulnerable to man-in-the-middle attacks where hackers could pose as a trusted website to intercept communications or acquire sensitive information.
Apple launched iOS 7.0.6 on a Friday, fixing the vulnerability on iOS but leaving OS X users vulnerable to attack until the following Tuesday, when it released OS X 10.9.2 to patch the security flaw.