Saturday, July 19, 2008

Researcher Calls Out Apple for Delaying iPhone Patch

Via arstechnica.com -

Although Apple didn't make a big deal about it, one of the security fixes included in the recent iPhone/iPod touch 2.0 firmware is a fix for a fairly high-profile WebKit bug that was used to hack a MacBook Air back in March. People immediately began asking why the bug took so long to fix on the iPhone. Now, the researcher who discovered it, Charlie Miller, has called Apple out over its iPhone patching practices in a recent Computerworld piece, saying that the company "messed up."

When the bug was originally disclosed to Apple, the company asked Miller if Mobile Safari was also affected, and he suggested that it probably was. Unfortunately, he wasn't able to confirm his assertion at the time, and left it up to Apple (which had all of the details) to test the exploit on the iPhone itself. It turned out that the exploit code needed to be tweaked slightly to do anything malicious on an iPhone, but Apple apparently closed the case after the OS X exploit failed to do anything nasty.

------------------------------------

Yet another example of Apple's lackluster security posture. Apple should be counting their prayers that organized [cyber]crime hasn't seriously attacked their operating system....

Microsoft uses an internal distributed grid of computers to fuzz their Office applications....while Apple ignores the information given to it by a serious security researcher. Why, you might ask?

Because Apple doesn't have to care....yet.

But they better start caring soon.
