[News] Apple iOS Has Critical Flaw

A critical iOS vulnerability that Apple patched on Friday gives attackers an easy way to surreptitiously circumvent the most widely used technology for preventing eavesdropping on the Internet. That made the security bug about as dire as one can be. Now, there's strong evidence that the same flaw also exposes sensitive e-mail and Web communications on fully patched versions of OS X, with no indication that there is a patch currently available for the millions of people who use the Mac operating system.

More here
 
Saw that message, now I know why the 7.0.6 fix was soooo important that it wasn't delayed until 7.1's release.

I will say that I tested it on quite a number of Macs (to see if the OS X thing had any truth to it) and haven't been able to reproduce it yet on a desktop/portable, though I am not sure if this is due to protections further up the line or whether it's just not an issue for desktops. Trying to connect to the test page from a fully-patched desktop gives me the following error message:
Code:
(!) Failed to load resource: An SSL error has occurred and a secure connection to the server cannot be made.
--Patrick
 
haven't been able to reproduce it yet on a desktop/portable
UPDATE: My mistake. On Macs which are fully patched, I can reproduce it. On Macs which are not fully patched, I cannot.
No idea at exactly which point the regression occurred, though.

--Patrick
 
So... do I need to dust off my G3 iBook and do a system update, or...?
Unlikely. Your iBook can't possibly go any higher than 10.4.11, which is not affected by this bug.
Also, most of the Internet requires at least 10.6 these days, so you couldn't get yourself into too much trouble anyway.

--Patrick
 
Yep. 10.4.11 is my OS at the moment.

God. 1.07 GHz PowerPC G4, and 1.25 GB of RAM... and 27.82 GB of memory. :eek:

And that thing used to be my daily driver at one point!
 
Yep. 10.4.11 is my OS at the moment.
God. 1.07 GHz PowerPC G4, and 1.25 GB of RAM... and 27.82 GB of memory. :eek:
Well, then it's not an iBook G3, is it? :p
With a 1.0GHz processor and 30GB HDD, you probably have this 12in model, which can actually run up to Mac OS 10.5.8 ("Leopard"), though doing so would force you to give up your "Classic" mode for your older OS9 programs and probably require 15GB (i.e., half) disk space just for the OS.

You would gain Time Machine, though, which could potentially be worth it for that alone.

FWIW, my only laptop is a Titanium Powerbook G4, so I'm right there with you.

--Patrick
 
Aaaaaaand I just got the notification for iOS 6.1.6 on my iPod Touch.
Well, then it's not an iBook G3, is it? :p
With a 1.0GHz processor and 30GB HDD, you probably have this 12in model, which can actually run up to Mac OS 10.5.8 ("Leopard"), though doing so would force you to give up your "Classic" mode for your older OS9 programs and probably require 15GB (i.e., half) disk space just for the OS.

You would gain Time Machine, though, which could potentially be worth it for that alone.

FWIW, my only laptop is a Titanium Powerbook G4, so I'm right there with you.

--Patrick
I have about a gig or so of free space on it, so that's a no. And I don't think Apple is selling any copies of Leopard that I could install on it, anyways.
 
I don't think Apple is selling any copies of Leopard that I could install on it, anyways.
I think they still sell it, but they would charge you $129 for it. Used copies are much cheaper. Also, getting at the hard drive on that model is quite an inconvenience, so dropping a bigger one in there isn't something you just pop it open and do.

--Patrick
 

fade

Staff member
The iOS bug was one goto fail in thousands of lines of code. As someone who writes code for a living let me tell you that's a hard find and a lucky one.
 
The iOS bug was one goto fail in thousands of lines of code. As someone who writes code for a living let me tell you that's a hard find and a lucky one.
Easy mistake to make, easy mistake to miss. It happens to every company at some point. However, the various forms of confirmation bias will continue unabated.

--Patrick
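
Added illustration, not part of any post above and not Apple's code: a simplified C model of the kind of duplicated `goto fail` line fade describes, next to a braced version. The function names and the stand-in hash and signature checks are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the hash and signature steps (hypothetical). */
static int hash_update(const char *data) { return data ? 0 : -1; }
static int signature_ok(const char *sig) { return strcmp(sig, "valid") == 0 ? 0 : -1; }

/* Flawed shape: the second goto is not governed by the if, so it always
 * runs, and err is still 0 from the successful hash step. */
int verify_flawed(const char *data, const char *sig)
{
    int err;
    if ((err = hash_update(data)) != 0)
        goto fail;
        goto fail;              /* duplicated line: unconditional jump */
    err = signature_ok(sig);    /* never reached */
fail:
    return err;                 /* 0 is read by the caller as "verified" */
}

/* Braced shape: a stray duplicate inside the braces would be harmless,
 * and one outside them stands out in review. */
int verify_fixed(const char *data, const char *sig)
{
    int err;
    if ((err = hash_update(data)) != 0) {
        goto fail;
    }
    err = signature_ok(sig);    /* the check that actually matters */
fail:
    return err;
}

int main(void)
{
    printf("flawed, forged sig: %d\n", verify_flawed("params", "forged"));
    printf("fixed,  forged sig: %d\n", verify_fixed("params", "forged"));
    return 0;
}
```

Compiler diagnostics such as clang's `-Wunreachable-code` or GCC's `-Wmisleading-indentation` flag the flawed function, which is one way to catch this class of mistake without relying on a reviewer's eye.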
 
So kinda back to the above encryption thing...now that iOS has finally started supporting RCS messaging, the whole green bubble v. blue bubble is less of a thing, right? Well...yeah, about that:
Now I know the headline is a little scary, but that's how Forbes gets clicks, so the tl;dr here is that it is still perfectly safe for Apple people to text other Apple people (blue-to-blue) and Android people to text other Android people (green-to-green); the unsafe part is when you try to mix the two (blue-to-green) or have some other system (e.g., Google<->Samsung). Turns out the RCS messaging standard does NOT support end-to-end encryption when texting between different platforms, although they say it is coming. Someday.
In the meanwhile, if you want to ensure E2EE for your communications, make sure both of you are either using the identical platform, or else are using some kind of third-party messaging platform that supports E2EE such as WhatsApp, Signal, etc.

--Patrick
 