where's the fix for iPhone 4 iOS 7.1.2?
So ancient 3GS phones get a fix, but no fix for merely old iPhone 4's?
Jouko Pynnönen, a security chap with Finnish firm Klikki Oy, has found a since patched bug he says could affect a billion Apple iDevices. Pynnönensays the cross-domain vulnerability in Safari's file transfer URL schemes allows attackers to modify website HTTP cookies and have documents loaded from malicious sites. "An …
They may still produce a version for 7.x, after all they did a new rev of 6.x for the 3gs to plug a security issue last year. Obviously they will prioritize the newest version of iOS first since it affects many more people.
However, this really isn't a big issue for iOS. Making you download a file other than the one you thought you were downloading is not as much of a problem in a sandbox. They can't make you download an executable since those must be signed to run. Maybe they could use it to get you to download a developer profile and then trick you into visiting a dodgy app store, but that's a bit of a stretch. This type of thing would be much more of a problem on an unrestricted OS like OS X (or Windows or Android)
No so much a vulnerability since all the affected iPhones are pre-now versions and by definition unused by real fans, and does anyone use Safari on windows?
I have Safari on my iPad2 and I pretty much consider the combination the best argument for never using the world wide web I've personally encountered.
...does anyone use Safari on windows?
Not so much any more. Apple ended support for Windows in 2012 with version 5.1.7. Good luck finding a reference to it on Apple's web site. I used to use it to make sure my web site looked reasonable for a range of browsers, but not much else. Can't think of another reason to care and this one isn't all that any more.
Biting the hand that feeds IT © 1998–2021