iPad Left Vulnerable After Record iPhone Patch Job

kdawson posted more than 4 years ago | from the only-three-million-who-would-bother dept.

Security 145

CWmike writes "With Monday's iOS 4 upgrade, Apple patched a record 65 vulnerabilities in the iPhone, more than half of them critical. However, the first-generation iPhone and iPod Touch, as well as the much newer iPad, may have been left vulnerable to some or all of the 65 bugs. iOS 4 cannot be installed on 2007's iPhone and iPod Touch, and the upgrade is not slated to reach iPad owners until this fall. The bug count is a record for the iPhone, surpassing the previous high mark of 46 vulnerabilities patched last summer with iPhone OS 3.0. Formerly known as iPhone OS 4, iOS 4 included 35 bugs, or 54% of the total, that were tagged with the phrase 'arbitrary code execution.' It's unclear how many, if any, of the vulnerabilities affect Apple's iPad. The media tablet runs an interim version of the operating system, dubbed iPhone 3.2, that followed the February iPhone 3.1.3 security update. It's possible that some of the bugs patched Monday were fixed by Apple before it launched the iPad in early April. But according to the Common Vulnerabilities & Exposures database, it's likely that many of the flaws fixed on Monday still exist in 3.2."

They're no bugs in Apple products! (-1, Flamebait)

Pojut (1027544) | more than 4 years ago | (#32657422)

/sarcasm

HAHA, Tom Hanks.

Re:They're no bugs in Apple products! (0, Flamebait)

Monkeedude1212 (1560403) | more than 4 years ago | (#32657450)

I know! How can they talk about how Apple Products don't suffer from viruses or other Malware when they are patching record numbers!

The only time I saw more than 65 windows updates in a single download is an XP that was still on Service Pack 2.

Re:They're no bugs in Apple products! (0)

ivucica (1001089) | more than 4 years ago | (#32657676)

I'm more surprised that a phone is subject to so many vulnerabilities. Yet again, it is a pretty sophisticated piece of software. Hence, thanks for fixing the stuff, Apple; better late security than no security.

Re:They're no bugs in Apple products! (5, Informative)

BarryJacobsen (526926) | more than 4 years ago | (#32657728)

I'm more surprised that a phone is subject to so many vulnerabilities. Yet again, it is a pretty sophisticated piece of software. Hence, thanks for fixing the stuff, Apple; better late security than no security.

According to the article, 50 of the bugs are bugs in Webkit (side note: which would mean these bugs are likely present in Android, as Google uses Webkit for their browser, too), so it appears that web browsing is the most sophisticated piece (understandably.)

Re:They're no bugs in Apple products! (1)

Alien1024 (1742918) | more than 4 years ago | (#32658146)

bugs in Webkit (side note: which would mean these bugs are likely present in Android, as Google uses Webkit for their browser, too

That may be the case, but I wouldn't bet on it. The rendering engine is the same, but everything else is different - Android is based on Linux, iPhoneOS is based on Darwin. Different platforms, different architectures, different builds.

Following that reasoning the bugs should also be in Chrome and Safari on Linux, MacOS, Windows...

Webkit is the rendering engine (1)

name_already_taken (540581) | more than 4 years ago | (#32658222)

That may be the case, but I wouldn't bet on it. The rendering engine is the same, but everything else is different - Android is based on Linux, iPhoneOS is based on Darwin. Different platforms, different architectures, different builds.

Following that reasoning the bugs should also be in Chrome and Safari on Linux, MacOS, Windows...

Webkit is the rendering engine. If the bugs are in Webkit, then they are in all the products that use Webkit.

Re:Webkit is the rendering engine (1)

BarryJacobsen (526926) | more than 4 years ago | (#32658238)

That may be the case, but I wouldn't bet on it. The rendering engine is the same, but everything else is different - Android is based on Linux, iPhoneOS is based on Darwin. Different platforms, different architectures, different builds.

Following that reasoning the bugs should also be in Chrome and Safari on Linux, MacOS, Windows...

Webkit is the rendering engine. If the bugs are in Webkit, then they are in all the products that use Webkit.

And indeed they were in Safari, which was patched earlier this month.

Re:Webkit is the rendering engine (0, Flamebait)

Alien1024 (1742918) | more than 4 years ago | (#32659168)

That may be the case, but I wouldn't bet on it. The rendering engine is the same, but everything else is different - Android is based on Linux, iPhoneOS is based on Darwin. Different platforms, different architectures, different builds.

Following that reasoning the bugs should also be in Chrome and Safari on Linux, MacOS, Windows...

Webkit is the rendering engine. If the bugs are in Webkit, then they are in all the products that use Webkit.

And indeed they were in Safari, which was patched earlier this month.

I notice my Chrome install got updated around the same time too. But are they the same bugs this article refers to?

If they are, I wonder why this isn't making headlines on Android's vulnerability -- my Android browser didn't get an update since I bought it months ago with 1.6, and AFAIK the only official way to update Webkit on Android is to upgrade it to a newer Android version when it gets released for your phone.

Re:Webkit is the rendering engine (1)

SCVirus (774240) | more than 4 years ago | (#32658246)

False. Some bugs affect only some operating systems and architectures. Additionally, Chrome has added security in the form of a sandbox. A sec

Did Chrome crash while you were typing your reply? (2, Funny)

Brannon (221550) | more than 4 years ago | (#32658892)

Did Chrome crash while you were typing your reply?

Re:They're no bugs in Apple products! (1)

UnknowingFool (672806) | more than 4 years ago | (#32658276)

Mobile browsers based on WebKit are more likely to be similar than desktop browsers. It is more likely that Android and iPhone have issues but not OS X or Chrome.

Re:They're no bugs in Apple products! (2, Insightful)

Mister Whirly (964219) | more than 4 years ago | (#32657884)

Hence, thanks for fixing the stuff, Apple; better late security than no security.

If you replaced Apple with Microsoft and posted that same statement, do you think you would have been rated Interesting or would you have been modded into negative oblivion with Flamebait or Troll? Why is it that Apple gets a free pass on everything it does half-assed regarding security, yet Microsoft's feet are held to the fire instantly?

Re:They're no bugs in Apple products! (0)

recoiledsnake (879048) | more than 4 years ago | (#32658298)

Someone is going to post some long justification about exploits in the wild and some blah blah about monopoly. Whereas when it's about MS it's 'M$ can't code'. Apple gets a free pass on everything, including DRM in the iPhone and Trusted Computing.

Apple seems to have a particularly strong fanbase even amongst geeks which can't take valid criticism and does not hesitate to use their mod points for days after a story to stamp out any posts that can be construed as negative towards Apple.

The only thing more annoying than an Apple Fanboy (-1, Troll)

skelterjohn (1389343) | more than 4 years ago | (#32658332)

is an Apple fanboy hater. Get over yourself.

Re:They're no bugs in Apple products! (1)

Graff (532189) | more than 4 years ago | (#32658538)

Apple seems to have a particularly strong fanbase even amongst geeks which can't take valid criticism and does not hesitate to use their mod points for days after a story to stamp out any posts that can be construed as negative towards Apple.

Eh, I posted a few things the other day that weren't positive towards Apple but they were knocking down a few overzealous anti-Apple rumors and myths. I got modded down for it. It happens on both sides, a lot of people here are overly emotionally-invested in things and they tend to lash out rather than use reason.

The funny thing is that I've been capped at the highest level of karma forever and the downmods were reversed in a few days by upmods and meta-moderation. It's no biggie and I never find it useful to complain about moderation. Just keep posting reasonable statements and it will all take care of itself, post like a troll and you'll get smacked down a lot.

As for Microsoft, Apple, or whatever, all companies do stuff that is in their best interest but which might not be great for the consumer/public. It's good to be informed about their actions because that allows us to do the right thing: vote with our dollars. If you don't like how a company is run then don't buy from it.

Re:They're no bugs in Apple products! (1)

Nerdfest (867930) | more than 4 years ago | (#32658324)

Microsoft has tastier feet. Duh.

Re:They're no bugs in Apple products! (0, Troll)

DJRumpy (1345787) | more than 4 years ago | (#32658572)

Perhaps because Apple is patching these before they are exploited in the wild, rather than after? If the phone OS follows the same pattern as the desktop updates, they will continue to support the 3.x branch for quite a few years with security patches just as Apple continues to support Leopard as well as Snow Leopard. There is absolutely nothing preventing Apple from pushing the same patches to the 3.x line. It's also not a sure thing that these patched vulnerabilities that have been patched in 4.0 exist in 3.0. Nowhere in the article does it claim as much. It simply hints that they might exist in both (and I agree it's likely that some do).

Re:They're no bugs in Apple products! (3, Insightful)

ivucica (1001089) | more than 4 years ago | (#32658852)

Obviously it doesn't, seeing how I ended up with a 0 score. Not only that, your flamebait ended up with +4 insightful.

And yes, I can honestly say that replacing Apple with Microsoft would yield almost same response from me. "Sloppy, Microsoft, but better late than never! Thanks". Not the same, but close.

Re:They're no bugs in Apple products! (1)

theantipop (803016) | more than 4 years ago | (#32658862)

Calm down, chief. One mod gave him an interesting nod, two others downrated him. The amount of freak out about moderation in the last couple years is getting pretty annoying.

Okay, point me to an exploit. (1)

Brannon (221550) | more than 4 years ago | (#32658860)

Go ahead...I'll wait.

Re:Okay, point me to an exploit. (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#32659592)

*Points to article*

???

There were clearly exploits? Are you trying to say there weren't any there?

Re:They're no bugs in Apple products! (0)

Anonymous Coward | more than 4 years ago | (#32657708)

There never were and there never will be.

Re:They're no bugs in Apple products! (1)

0xdeadbeef (28836) | more than 4 years ago | (#32658186)

No, there aren't. And the malware that takes advantage of them are not exploits, they're jailbreaks (for somebody, not necessarily the owners).

It's a phone (0)

Anonymous Coward | more than 4 years ago | (#32657474)

It's a frigging phone. The biggest vulnerability they haven't patched is people leaving it in bars. Who cares if it has vulnerabilities. It's a phone.

Re:It's a phone (5, Insightful)

heruvian (1816212) | more than 4 years ago | (#32657504)

Yes, a phone that you can use to access your bank account on the internet.

Mine is vulnerable. (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32657554)

She often cries after sex, especially when I jizz all over her.

Re:It's a phone (5, Insightful)

Lundse (1036754) | more than 4 years ago | (#32657566)

Who cares if it has vulnerabilities. It's a phone.

A phone which is able to broadcast your real-time location.
A phone which has all your mails, all your texts and logs of all your calls, and a few private photos to boot.
A phone with verified contact information for all your friends, and sellable information on yours and their preferences.
A phone that can call any number, including premium-rated ones owned by shady organizations.

Yeah. Who cares if someone else gains control of that?

Re:It's a phone (2, Insightful)

dhanson865 (1134161) | more than 4 years ago | (#32657716)

A phone which is able to broadcast your real-time location.
A phone which has all your mails, all your texts and logs of all your calls, and a few private photos to boot.
A phone with verified contact information for all your friends, and sellable information on yours and their preferences.
A phone that can call any number, including premium-rated ones owned by shady organizations.

Yeah. Who cares if someone else gains control of that?

On top of calling pay phone numbers (900 numbers and such) if it copies all your data to a server somewhere you may go over your data plan and have to pay $15 per 200MB transferred or $10 per 1GB transferred depending on your plan.

DataPlus - 200 MB of data for $15 per month

        * Designed for people who primarily surf the Web, send email, and use social networking apps.
        * On average, 65% of AT&T smartphone customers use less than 200 MB per month
        * If you use more than 200 MB, you'll receive an additional 200 MB of data usage for $15, replenished as often as necessary during the billing cycle.

DataPro - 2 GB of data for $25 per month

        * Designed for people who regularly download or stream music and video, or use other high bandwidth applications
        * 98% of AT&T smartphone customers use less than 2 GB in a month on average
        * If you exceed 2 GB, you'll get an additional 1 GB of data for only $10. Each time an additional 1 GB is used up during a cycle, you will automatically receive another 1 GB at the same low price.

they can sign up for a $20 /m Premium text club do (1)

Joe The Dragon (967727) | more than 4 years ago | (#32658052)

they can sign up for a $20 /m Premium text club download high cost apps.

Re:they can sign up for a $20 /m Premium text club (1)

BarryJacobsen (526926) | more than 4 years ago | (#32658344)

they can sign up for a $20 /m Premium text club download high cost apps.

Hrm, that does remind me that I get unlimited texting for cheaper than their data plans...has anyone come up with an HTTP over SMS solution? :P

Re:they can sign up for a $20 /m Premium text club (0)

Anonymous Coward | more than 4 years ago | (#32658978)

has anyone come up with an HTTP over SMS solution? :P

That'd work at about 80 bytes per second with a ping of about 10 seconds! You'd be better to use it to synchronise your email & contacts at that rate..

Re:they can sign up for a $20 /m Premium text club (0)

Anonymous Coward | more than 4 years ago | (#32659164)

...has anyone come up with an HTTP over SMS solution?

Yeah, it's called WAP http://en.wikipedia.org/wiki/Wireless_Application_Protocol [wikipedia.org]

WSP - wireless session protocol http://en.wikipedia.org/wiki/Wireless_Session_Protocol [wikipedia.org] is the top layer of the protocol. It's kind of an optimised binary HTTP running over WTP. Since it's session-based, you set up the agreed data formats and associated headers etc. at the beginning and reuse them for every request. Much better than HTTP on a high-latency network, but not that important now we have megabit connections on mobiles.

WTP is basically TCP redesigned to handle frequent and long lasting packet loss episodes without getting its knickers in a twist. WTP is layered on top of WDP (wireless datagram protocol) which is transport-agnostic and used to mostly run over SMS or a dial-up data connection. It was briefly hyped about ten or twelve years ago.

Say what you like about how crap WML was (and it was really crappy...) but the WAP protocol stack was very well designed. WAP protocols are behind most of the MMS functionality - message delivery is essentially a connectionless push datagram.

You could do fantastic things using the WAP protocol which still aren't easily possible today on IP networks. Unsolicited push messages could be addressed to a particular subscriber, and not only that to a particular application running on the subscriber's handset. It was really powerful, mostly because the phone number was the network address. If only they had stuck with HTML as the markup language and GIF/Jpeg as the image formats.

Re:they can sign up for a $20 /m Premium text club (1)

sznupi (719324) | more than 4 years ago | (#32660428)

...If only they had stuck with HTML as the markup language and GIF/Jpeg as the image formats.

Wasn't that also about severe hardware limitations of handsets back then?

Re:It's a phone (1)

jackspenn (682188) | more than 4 years ago | (#32658704)

You know I don't need a security exploit to cause iPhone/iPad users trouble by pushing them over their data plan.

All we need to do is send them e-mails with attachments and it just so happens that I have a long list of iPad users I purchased from my Russian friends.

Hey that gives me a great idea. I invest in AT&T stock, take advantage of their pricing scheme by flooding AT&T users with more bits than they can afford, sell the stock after the quarterly profits shoot through the roof. Wow, making money like a Chicago gangster is fun.

For bonus points I could short Apple stock, and use a virus that infects iDevices (They have taken more than a year to patch some security holes, so I just need to keep an eye out for one that works for me), that way I could push people over on the send and receive sides as my virus propagates and depreciates Apple's inflated share price.

Re:It's a phone (0)

Anonymous Coward | more than 4 years ago | (#32657882)

2011 - Rise of the iZombie

Re:It's a phone (1)

Yvan256 (722131) | more than 4 years ago | (#32658868)

As long as there's only one, we'll manage.

Re:It's a phone (1)

Haxzaw (1502841) | more than 4 years ago | (#32658226)

So there are vulnerabilities, but how likely are they to be exploited? That's the real problem. I couldn't care less about the vulnerabilities if they cannot be used against me.

Re:It's a phone (1)

fullgandoo (1188759) | more than 4 years ago | (#32659172)

How stupid CAN you be? They are vulnerabilities BECAUSE they can be exploited against you.

Re:It's a phone (1)

jedidiah (1196) | more than 4 years ago | (#32658880)

I am less worried about the sorts of bugs that allow me to jailbreak an iphone and take full control of it than I am worried about the things that Apple does intentionally or allows application vendors to do intentionally. The same goes for Google.

I trust Apple far less than I do the general robustness of Unix in general and Apple flavors in particular.

Re:It's a phone (0)

Anonymous Coward | more than 4 years ago | (#32659098)

How many times have you heard of someone's phone being hacked in daily life??? Without it going out of their possession?

The fact that root/alpine will own that phone and everyone knows it is how insecure apple and everyone except you feel about a PHONE.

Re:It's a phone (2, Informative)

Stray7Xi (698337) | more than 4 years ago | (#32659444)

A phone which is able to broadcast your real-time location.
A phone which has all your mails, all your texts and logs of all your calls, and a few private photos to boot.
A phone with verified contact information for all your friends, and sellable information on yours and their preferences.
A phone that can call any number, including premium-rated ones owned by shady organizations.

Yeah. Who cares if someone else gains control of that?

Worse, how as a user can you even mitigate this risk?
You can't stick it behind a firewall (except on wifi) to detect weird traffic patterns.
There is no task manager of any kind (yes stock has very limited multitask but malware can jailbreak to rootkit)
There is no booting off a bootdisk to get a checksum of firmware.
It's like being logged onto windows with a locked down user account, unable to view the OS in any way.

The only thing as a user you can do is monitor your bills closely for unusual patterns.

Stop with the "record number of bugs fixed" please (2, Insightful)

e2d2 (115622) | more than 4 years ago | (#32657508)

If another person claims a "record" on the number of bugs fixed in an Apple release I'm gonna jump off a fucking cliff.

Bugs are not good. Lots of bugs are worse. Fixing them? You don't get a medal, you should have done it right the first time. Yes it's good to patch them, but it's not something to break out the champagne on. When I fix a huge bug list my boss says "about time", not "good job! way to work!".

Re:Stop with the "record number of bugs fixed" ple (1)

ivucica (1001089) | more than 4 years ago | (#32657700)

Better late than never. And it's rather easy to create mistakes when focusing not on security, but on performance and ease of use.

That said ... it's surprising that a phone is so riddled with security flaws.

Re:Stop with the "record number of bugs fixed" ple (1)

BarryJacobsen (526926) | more than 4 years ago | (#32657810)

That said ... it's surprising that a phone is so riddled with security flaws.

50 of the security flaws were in WebKit, so it's not so much that the phone is riddled with flaws, but that a web browser is.

Re:Stop with the "record number of bugs fixed" ple (1)

dakameleon (1126377) | more than 4 years ago | (#32660054)

... and they don't allow any other (real) browser on the phone, either. I might be parroting comments from above, but if this was a certain other large technology company the vitriol here would have been through the roof.

Re:Stop with the "record number of bugs fixed" ple (0)

Anonymous Coward | more than 4 years ago | (#32658122)

but on performance and ease of use.

and in an OS that just added 3rd party (pseudo)multitasking, no less.

Re:Stop with the "record number of bugs fixed" ple (2, Insightful)

sphantom (795286) | more than 4 years ago | (#32657834)

This might be a perspective thing, but I read "Company X has patched a record number of security holes" as a negative thing, not as something the OP or company X is reporting to gloat about. I've taken the liberty of reading the links by the OP (shocking, I know), and didn't find any of them to really be coming across as something that anyone is looking for a pat on the back for (and for the record, I didn't see an official comment from Apple on their "record patch job").

Fundamentally, you're right though. It'd be nice if companies could make flawless products, but it seems to be the exception rather than the rule, and when any company addresses a record number of fixes to a product's flaws, I see no reason why it shouldn't make the news. Granted, some fanboys will try and spin it into a positive of some kind, but that's not really shocking and we all know how trustworthy fanboys are.

My $0.02.

Walled garden? (0)

Anonymous Coward | more than 4 years ago | (#32657514)

Doesn't the walled garden protect the users, to a large degree?

Re:Walled garden? (1)

recoiledsnake (879048) | more than 4 years ago | (#32657534)

Not against bugs in Safari, for sure. And some exploits are local ones.. like connecting a locked iPhone to a computer and reading all the personal data from there.

Re:Walled garden? (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32657666)

That's because only social retards use Bing.

Re:Walled garden? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32657578)

Only if you don't connect your iDevice to a network.

Re:Walled garden? (1)

arose (644256) | more than 4 years ago | (#32658410)

That doesn't really need a walled garden then...

Re:Walled garden? (1)

jackspenn (682188) | more than 4 years ago | (#32658828)

Sadly no, you're thinking of the FIREWALLED GARDEN

Funny (3, Insightful)

DrugCheese (266151) | more than 4 years ago | (#32657570)

Funny how M$ used to be on top and all you'd read about was the security vulnerabilities left unpatched and with Apple on top, with their new line of hardware, are having the same issues. I wonder if we'll ever see something like the Melissa virus, or the iJerk.

Re:Funny (2, Insightful)

magsol (1406749) | more than 4 years ago | (#32657780)

With Apple finally gaining in the markets, it's becoming profitable to create exploits. While the fanbois would have you believe that Apple products simply weren't exploitable, the simple facts are that 1) there simply weren't enough Apple products in the wild to justify an exploit, and 2) Apple seems to prefer the "silent failure" route (which, admittedly, is less obvious than a BSOD) so users don't know they've been compromised.

Now that devices like the iPhone, iPad, even iPods have become all but ubiquitous, I bid Apple a very warm welcome to the malware-infested playing field M$ has been inhabiting all this time.

Re:Funny (1)

Moridineas (213502) | more than 4 years ago | (#32658368)

2) Apple seems to prefer the "silent failure" route

What do you mean?

Re:Funny (4, Funny)

BarryJacobsen (526926) | more than 4 years ago | (#32658492)

2) Apple seems to prefer the "silent failure" route

What do you mean?

Apple's Human Interface Guidelines for Malware on OS X and iOS specifically state not to inform the user of their presence.

Re:Funny (1)

whitedsepdivine (1491991) | more than 4 years ago | (#32658786)

{{citation needed}}

Re:Funny (1)

BasilBrush (643681) | more than 4 years ago | (#32658466)

I bid Apple a very warm welcome to the malware-infested playing field M$ has been inhabiting all this time.

Can you name any malware that affects a non-jailbreak iPhone or iPad?

Re:Funny (2, Informative)

phantomfive (622387) | more than 4 years ago | (#32657912)

In the old days, in addition to Microsoft's OS being an open door, a lot of those computers were left on the open internet, making it easy for viruses to find computers to attack. Also, OS distributors didn't really catch on to the idea that leaving services open was a bad idea (it just seemed like being a good netizen to leave your finger port open). For example, I don't think RedHat stopped shipping with the FTP port open by default until 2001 or 2002. And that was a secure OS, Windows was much worse.

In comparison, most iPads and iPhones are hidden behind a firewall, or are natted. You can't randomly probe ip addresses hoping to find one that is an iPad with a vulnerability that you're looking for. Maybe the best you can do is hope someone with the right device will surf to your web page with the exploit.

That doesn't stop email viruses, but given that iPads are only a fraction of the computers out there, I think we're more likely to see a serious email virus from a bug in Outlook than one on an iPad.

Have you... (1)

matt4077 (581118) | more than 4 years ago | (#32657580)

...ever tried improvising on a piano? It's always difficult to find the right way to end, and so you go on and on, frequently repeating yourself. The summary's writer felt the same way.

Is this speculation? (0, Redundant)

AmazinglySmooth (1668735) | more than 4 years ago | (#32657590)

What is the point of speculating? It would be news if an exploit was in the wild.

Re:Is this speculation? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32657660)

What is the point of speculating? It would be news if an exploit was in the wild.

well, the reason for disclosure is that it might already be exploited by someone, even if it's not public knowledge.

Re:Is this speculation? (1)

halestock (1750226) | more than 4 years ago | (#32657774)

Exactly. Heck, by their own admission it's speculation. From TFA: "It's unclear how many, if any, of the vulnerabilities patched this week affect Apple's iPad." Which is definitely a far cry from the horrors the article's title implies.

Re:Is this speculation? (1)

BarryJacobsen (526926) | more than 4 years ago | (#32658414)

Exactly. Heck, by their own admission it's speculation. From TFA: "It's unclear how many, if any, of the vulnerabilities patched this week affect Apple's iPad." Which is definitely a far cry from the horrors the article's title implies.

This is the new journalism - don't give facts, give possibilities and raise questions - you can sound much scarier and it's not saying anything that's false because all you did was say something was possible.

New iPhone may be made from the bones of children! Does Steve Jobs drink the blood of 15 virgins before bed each night? Find out more after the page break!

Arbitrary Code Execution (4, Insightful)

aaaaaaargh! (1150173) | more than 4 years ago | (#32657594)

I wouldn't call that a bug. :-)

Re:Arbitrary Code Execution (1)

Argilo (602972) | more than 4 years ago | (#32657856)

Indeed, it's pretty much the whole point of jailbreaking. :-) And as far as I know, some of the jailbreaking tools exploit arbitrary code execution vulnerabilities to do their job.

Re:Arbitrary Code Execution (0)

Anonymous Coward | more than 4 years ago | (#32657888)

I wouldn't call that a bug. :-)

hehe, good one, this is actually a shortcut to jailbreaking :)

holy shit! (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32657638)

I just shit my pants thinking about how much better Android vs the toyphone. Open Source wouldn't have this problem.

Re:holy shit! (1)

Tsunayoshi (789351) | more than 4 years ago | (#32657778)

Really? So Android has no bugs/exploits in it? The various phone vendors that add their own code to the Android base also didn't introduce any bugs/exploits? And let me guess, the Linux kernel has never had an exploit fixed?

ALL software has this problem. Open Source means it is much easier to bring them to light instead of depending on a proprietary vendor's announcement. Open Source does not mean the software doesn't have bugs/exploits.

Re:holy shit! (4, Interesting)

Graff (532189) | more than 4 years ago | (#32657902)

Really? So Android has no bugs/exploits in it?

Of course Android has bugs. In fact, it's based on WebKit and so it has many of the SAME bugs that the iOS does because many of these patched bugs are in WebKit.

Like you said, bugs are nearly unavoidable. All you can do is try your best to code well in the first place and then fix them when you find out you still have a few that you missed. The key really is the severity of the bugs, are they so blatant that they make the device unusable or trivial to exploit? Obviously the bugs aren't so bad in iOS because the devices still work well and there isn't any serious malware out there yet.

It's most likely that one of these days there will be a major bug/security flaw. We'll see how Apple handles that but so far their track record is fairly decent.

Re:holy shit! (1)

Altus (1034) | more than 4 years ago | (#32658058)

In fact, you might have much more trouble getting those bug fixes on your Android phone depending on the level of customization your phone requires and the phone manufacturer's willingness to roll up a patch with the latest version of Android.

Of course the original iPhone is in a bit of a bind as well.

Re:holy shit! (1)

UnknowingFool (672806) | more than 4 years ago | (#32658434)

Yes like 50 of the bugs were with WebKit. If WebKit was open source, someone would have found it sooner. Oh wait, it IS open source. And Android uses WebKit. . . so I guess that defeats your arguments.

No ipad updates of any kind (1)

proxima (165692) | more than 4 years ago | (#32657740)

There have been no iPad core OS updates of any kind since its release. This includes expected improvements like software tweaks to make Wi-Fi more reliable. There were rumors that the iBooks app was released on the App Store so it could get more frequent updates than the core OS, yet it has only had one major update (yesterday's, adding PDF support and a few other features).

Web rendering engines have security vulnerabilities, and WebKit is no exception. Since Apple allows no competing renderers (alternative browsers still use WebKit), it has an even greater responsibility to push security updates at least as often as they do for Mac OS X. Hopefully the official iOS 4 release means the developers/QA people have some time to work on iOS 3 patching.

Re:No ipad updates of any kind (1)

BarryJacobsen (526926) | more than 4 years ago | (#32657892)

> Hopefully the official iOS 4 release means the developers/QA people have some time to work on iOS 3 patching.

I'd hope that instead of spending that time patching iOS 3 they just try to release iOS 4 for iPad much sooner (that'd probably be the largest gain, after that if they really want they can work on porting the changes so the people with an original iPhone have security fixes, but I don't actually know if the numbers would make it worthwhile).

Re:No ipad updates of any kind (3, Insightful)

proxima (165692) | more than 4 years ago | (#32658034)

> I'd hope that instead of spending that time patching iOS 3 they just try to release iOS 4 for iPad much sooner (that'd probably be the largest gain, after that if they really want they can work on porting the changes so the people with an original iPhone have security fixes, but I don't actually know if the numbers would make it worthwhile).

You have to support recent releases of your operating system with security updates, as not everyone is going to upgrade to the latest and greatest OS for any number of reasons. Lots of people with the 3G are reporting performance issues with iOS 4 (and few benefits). Until this release, OS updates for the iPod touch weren't free as well.

This becomes extremely important in the enterprise, where changes are handled more carefully. These mobile platforms seem to be way too fast of a moving target, though. Even Mac OS X gets deprecated fairly quickly relative to enterprise schedules. It's clear that Apple just isn't targeting them, which I think is a shame.

My five year old is the only iPad vulnerability (1, Offtopic)

swb (14022) | more than 4 years ago | (#32657784)

...that I worry about. He's played AniMatch on my iPhone and when he sees the iPad he gets this look in his eyes and I'm scared for the iPad.

Vulnerability Exploit (-1, Troll)

Wingsy (761354) | more than 4 years ago | (#32657798)

Someone want to point me to a list of iPhone/iPad exploits out in the wild?

Yeah. Didn't think so.

A lot of you guys have iPhone envy that's just oozing from your orifices. Really, it's OK that you choose to use a phone that you can tinker the hell out of and futz around with all day. A lot of other people are just fine with a phone (iPhone) that they can actually use with very little effort. Even with 65 vulnerabilities.

Re:Vulnerability Exploit (1)

CoffeeDog (1774202) | more than 4 years ago | (#32657910)

Quick question: How many times has your house been broken into?
Follow up question: If you answered "never" then why do you bother locking your doors when you leave?

Re:Vulnerability Exploit (1)

jedidiah (1196) | more than 4 years ago | (#32659152)

> Quick question: How many times has your house been broken into?
> Follow up question: If you answered "never" then why do you bother locking your doors when you leave?

The more analogous and honest question to ask is: Has anyone's house ANYWHERE ever been broken into?

Re:Vulnerability Exploit (1)

Pop69 (700500) | more than 4 years ago | (#32660300)

House has never been broken into, I live in the middle of nowhere and have half a dozen geese as watchdogs.

I don't bother locking my door when I leave, often don't bother locking the car.

Last night I was putting oil into the car and got distracted doing something else, left the bonnet up and the keys on top of the engine. Next morning, everything still exactly where I'd left it.

Re:Vulnerability Exploit (1)

Mongoose Disciple (722373) | more than 4 years ago | (#32657974)

> A lot of you guys have iPhone envy that's just oozing from your orifices.

Also, your husband only beats you because he loves you, and anyone who says otherwise is just jealous that he's yours.

Not that a patched security vulnerability is anywhere near on the same order of magnitude, but the logic in the argument is as bad.

Re:Vulnerability Exploit (1)

Wingsy (761354) | more than 4 years ago | (#32658694)

Modded down to a Troll???? LOL! The iPhone envy is gushing, not oozing.

iOS 3 the IE6 of phones? (1, Troll)

syntaxeater (1070272) | more than 4 years ago | (#32657920)

Obviously jumping to conclusions, but the irony would be overwhelming.

Re:iOS 3 the IE6 of phones? (1)

Culture20 (968837) | more than 4 years ago | (#32660692)

Maybe, except I can't install iOS4.

But I *like* to execute arbitrary code. (2, Insightful)

customizedmischief (692916) | more than 4 years ago | (#32657928)

As a jailbreaker, it is always a little bittersweet to see my arbitrary code execution bugs fixed.

If Microsoft hadn't written this crappy code (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32658008)

If Microsoft hadn't written this crappy code, and everything had been written by an organization that knew how to write secure code, this problem wouldn't exist.

Re:If Microsoft hadn't written this crappy code (0, Offtopic)

VGPowerlord (621254) | more than 4 years ago | (#32658366)

> If Microsoft hadn't written this crappy code, and everything had been written by an organization that knew how to write secure code, this problem wouldn't exist.

Microsoft's iPad is their worst product yet. I mean, shit, they even managed to fuck up and put a competitor's logo on it!

Fairly certain the bugs not in Verizon iPad (0, Flamebait)

WillAffleckUW (858324) | more than 4 years ago | (#32658064)

If you have the pre-beta Verizon iPad, the one that is coming out in January 2011 and was shown at E3, you shouldn't have all these vulnerabilities.

The problems so far are only showing up on the AT&T iPad.

IOS! apple needs to use names not already taken (0)

Anonymous Coward | more than 4 years ago | (#32658280)

Hmmm...

Issue on Cisco router, do a google search including "IOS" and get back something about some app that goes "mooooooo."

Very helpful Apple

Incredible. (0)

Anonymous Coward | more than 4 years ago | (#32658398)

Your iCrap isn't so perfect now, Steve Jobs.

It's true. We are more secure than all of Apple's products.

- PC

That's not all (1)

sjonke (457707) | more than 4 years ago | (#32658634)

I read that the iPad might, possibly, maybe kill its owner after 30 days of non-use. I know there haven't been any cases of iPhones, iPads or iPod touches attacking and killing their owners, but that doesn't mean you shouldn't fear it. Better safe than sorry!

kdawson = ElmerFUD.pl (-1, Troll)

konohitowa (220547) | more than 4 years ago | (#32658692)

I'm beginning to think that kdawson is just an account running a cron job that pipes Apple submissions through a perl script matching on negative keywords and then automatically publishes if the match count goes high enough. Really. What an incompetent tool.

Schadenfreude Reigns! (-1, Offtopic)

BSDetector (1056962) | more than 4 years ago | (#32658858)

I love how Apple boys just can't handle the truth!

Re:Schadenfreude Reigns! (0, Troll)

jo_ham (604554) | more than 4 years ago | (#32659186)

What truth? That software has bugs?

I have known that truth for a long time - OS X is patched quite frequently, and the knowledgebase articles about just what has been patched and who discovered it are quite informative. Since iOS is based on OS X it does not surprise me that it also has bugs. Nice to see them fixed.

A lot of these were bugs in Webkit, so expect updates for Android too, assuming your phone manufacturer offers an update. How many of them have got around to offering 2.2?

Another patch that creates a more annoying bug (2, Interesting)

GreenSquirrel2 (1814454) | more than 4 years ago | (#32659458)

Upgraded my iPhone to v4 last night, now it doesn't work with my Pioneer (DEH-3200UB) car audio deck. Talked to Pioneer and they pointed to Apple. Spoke with Apple and was told "sorry". Maybe the iPad users are the lucky ones.

I wonder (1)

s4ltyd0g (452701) | more than 4 years ago | (#32659578)

Do you have to agree to have your location information sold to unspecified third parties before you can get the patch?

Glad I shelled out for premium hardware! (4, Insightful)

PeanutButterBreath (1224570) | more than 4 years ago | (#32659820)

65 bugs that I won't get patches for in my 1st Generation iPod Touch. What is the point of paying a premium for hardware, when the control-freak sole arbiter of software patches renders it functionally obsolete long before its useful life has expired?

Re:Glad I shelled out for premium hardware! (1)

LynnwoodRooster (966895) | more than 4 years ago | (#32660672)

Don't you know, Apple has determined that it is a bad business practice to support older products or OSes, anything more than a few years old. But you're free to buy the new version that will be supported!

Is this why my iPhone rebooted recently? (1)

Culture20 (968837) | more than 4 years ago | (#32660660)

I viewed an idle.slashdot.org page, Safari crashed, and my iPhone rebooted on its own. I wonder if I got hit. Yay.