back to article Apple splats Safari flaw affecting a BEELLION iThings

Jouko Pynnönen, a security chap with Finnish firm Klikki Oy, has found a since patched bug he says could affect a billion Apple iDevices. Pynnönensays the cross-domain vulnerability in Safari's file transfer URL schemes allows attackers to modify website HTTP cookies and have documents loaded from malicious sites. "An …

  1. Binnacle
    Thumb Down

    where's the fix for iPhone 4 iOS 7.1.2?

    So ancient 3GS phones get a fix, but no fix for merely old iPhone 4's?

    1. Mike Bell

      Re: where's the fix for iPhone 4 iOS 7.1.2?

      No. iOS 8.x is only available for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later. Not the 3GS.

      1. Anonymous Coward
        Anonymous Coward

        Re: where's the fix for iPhone 4 iOS 7.1.2?

        They may still produce a version for 7.x, after all they did a new rev of 6.x for the 3gs to plug a security issue last year. Obviously they will prioritize the newest version of iOS first since it affects many more people.

        However, this really isn't a big issue for iOS. Making you download a file other than the one you thought you were downloading is not as much of a problem in a sandbox. They can't make you download an executable since those must be signed to run. Maybe they could use it to get you to download a developer profile and then trick you into visiting a dodgy app store, but that's a bit of a stretch. This type of thing would be much more of a problem on an unrestricted OS like OS X (or Windows or Android)

  2. Mike Bell

    has found a since patched bug

    Has? Surely he found it before it was patched. As he is credited with finding it in the Apple document that you link to.

  3. Stevie Silver badge

    Bah!

    No so much a vulnerability since all the affected iPhones are pre-now versions and by definition unused by real fans, and does anyone use Safari on windows?

    I have Safari on my iPad2 and I pretty much consider the combination the best argument for never using the world wide web I've personally encountered.

    1. Robert Helpmann?? Silver badge
      Childcatcher

      Re: Bah!

      ...does anyone use Safari on windows?

      Not so much any more. Apple ended support for Windows in 2012 with version 5.1.7. Good luck finding a reference to it on Apple's web site. I used to use it to make sure my web site looked reasonable for a range of browsers, but not much else. Can't think of another reason to care and this one isn't all that any more.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020