Apple Macs, iPhones, iPads, Watches, TVs can be hijacked by evil Wi-Fi, PDFs – update now

Apple has today emitted security updates for pretty much everything it makes, and you should install them as soon as you can because it's all bad news. iPhones, iPads and iPods should grab iOS 9.3, Macs should fetch OS X 10.11.4 or Security Update 2016-002 for non-El Capitan Macs, Apple Watches should get watchOS 2.2, and …

  1. Bob Vistakin
    FAIL

    What a toxic hellstew

    Still, you get what you pay lots more for. Oh, wait...

    1. Tessier-Ashpool

      Re: What a toxic hellstew

      Yes, you do. OS updates that work across a wide range of devices. Unlike – ahem – certain devices where there's barely a 2% uptake rate of the most recent software fixes.

      1. Tessier-Ashpool

        Re: What a toxic hellstew

        Yay, some thumbs down. It's always nice to see Neanderthal genes alive and kicking!

        For the completely clueless among you, have a look at this graphic of Android version uptake rates. If you've got really good eyesight, you might be able to spot the tiny pink smudge at the bottom right. But, hey, maybe I'm being uncharitable. It's only been around since October 2015, so perhaps some people just have a really really slow internet connection!

        1. Bob Vistakin
          Holmes

          Re: What a toxic hellstew

          I don't think Android fans are under any illusions regarding that. The point is Apple's constant message of all being perfect in the Villa Straylight, so when it turns out to be no different the fact they've crowed about it so much brings them down to earth much harder.

          1. Anonymous Coward

            Re: What a toxic hellstew

            The point is Apple's constant message of all being perfect in the Villa Straylight

            As far as I can tell they have learned their lessons since the "I'm a Mac" campaign, and Apple kit generally DOES make keeping safe and up to date easier. Not that I will abandon my "24 hour wait" strategy that I religiously stick to since my Windows days, mind you - that Apple hasn't managed to screw up an update yet doesn't mean they won't in the future. However, so far so good.

        2. allthecoolshortnamesweretaken

          Re: What a toxic hellstew

          Sir,

          while you are factually correct, I will not have you bad-mouthing Neanderthals!

          No really, they don't deserve this. Learn more here and here.

        3. Roland6 Silver badge

          Re: What a toxic hellstew

          Re: have a look at this graphic of Android version uptake rates.

          It would be interesting to see an equivalent graphic for iOS version uptake rates. I suspect it isn't quite as clean cut as some would have us suppose.

        4. Pascal Monett Silver badge

          Re: perhaps some people just have a really really slow internet connection

          Sir, you are apparently under the impression that some people choose to not update their Androids. Although I am sure that there are people who do so, I do believe that there is a fair amount of people who do not have the choice because their phone is locked by their carrier.

          So what you are actually saying is "perhaps some carriers should take the finger out and get patching".

      2. Charlie Clark Silver badge
        Stop

        Re: What a toxic hellstew

        Yes, you do. OS updates that work across a wide range of devices. Unlike – ahem – certain devices where there's barely a 2% uptake rate of the most recent software fixes.

        Apple's record of incorporating fixes for known bugs in upstream POSIX stuff (libXML2, openssl, etc.) is shameful. Pointing out the problems with Android does not detract from this.

      3. Anonymous Coward

        Re: What a toxic hellstew

        >50% adoption of iOS9 across all iDevices in 5 days.

        iOS9 adoption is now nearly 85%.

        Devices on iOS7 and below account for only ~6% of the 1 billion iDevices supposedly sold.

        O/S agnostic here, but there are some dramatic differences in O/S upgrade uptake behaviour between iOS and Android users, which is somewhat perplexing considering the onslaught of CVEs.

        Surprising that Google and the Android OEMs haven’t addressed this issue long ago.

        1. Roland6 Silver badge

          Re: What a toxic hellstew

          O/S agnostic here, but there are some dramatic differences in O/S upgrade uptake behaviour between iOS and Android users, which is somewhat perplexing considering the onslaught of CVEs.

          Not at all perplexing, Apple totally control the platform and with iOS9.3 have decided to support all device editions back to the iPhone 4S, iPad 2 and iPod Touch (5th generation); a substantial proportion of their device population. Additionally, all my iOS devices download updates automatically and these are left pending until I decide to apply the update.

          Compare this to Android where there are typically several gatekeepers between Google and the device in your pocket and each with little incentive to port new editions to devices more than 1~2 years old.

          Surprising that Google and the Android OEMs haven’t addressed this issue long ago.

          Well as we know the way to do that is to standardise the platform hardware architecture and then partition the OS so that OEM and Operator additions sit outside of the OS...

          iOS9 adoption is now nearly 85%.

          It would be interesting to see a finer grain breakdown (as per the Android graph), into the individual releases:

          9

          9.0.1

          9.0.2

          9.1

          9.2

          9.2.1

          9.3

  2. Grease Monkey Silver badge

    Where are all the fanbois explaining that is not really a vulnerability?

    1. Anonymous Coward

      They are vulning it wrong?

    2. Anonymous Coward

      Evidence?

  3. ecofeco Silver badge

    So IoT then?

    Yeah let's do that. /s

  4. werdsmith Silver badge

    Night Shift

    Well according to most of the summary information supplied with the update, 9.3 is all about "Night Shift", shifting the display colours to the warmer end of the spectrum at night to help you get a better night's sleep.

    Of course this is shit, but software generally is shit and there is much shitter software out there running on phones.

    1. Richard 12 Silver badge

      Re: Night Shift

      The theory behind the 'night shift' is sound and has been tested quite extensively.

      "Warmer" colours are soothing (fire, candlelight, sunset), while bluer colours like the D50 and higher colour temp used in LED backlights cause a waking response, resetting the body clock.

      Many people suffering SAD are helped by a bright high colour temp light during the day to keep their body clock in sync during the dark winter months.

      There have been Android apps to do this for years.

      It's odd that Apple are so far behind though, this is the kind of thing I would have expected them to jump at it years ago.

      1. Anonymous Coward

        Re: Night Shift

        It's odd that Apple are so far behind though, this is the kind of thing I would have expected them to jump at it years ago.

        Maybe they had other things to fix? I've been using f.lux for quite some time, and don't spend much time working with small screens. I'll enable it, but my desktop is in this respect far more important.

    2. Intractable Potsherd Silver badge

      Re: Night Shift

      The research is quite robust on this topic, and there definitely seems to be something to it. I use f.lux on my Windows laptop (I haven't found for Mint yet), since it can't hurt to do so.

      1. werdsmith Silver badge

        Re: Night Shift

        Oh my comment wasn't supposed to be doubting the validity of night shift colours, it was more a comment on software in general being shit.

  5. Charlie Clark Silver badge
    Facepalm

    Apple continues to depress

    Just cherrypicking:

    A shedload of bug fixes in libxml2: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution.

    I suspect anyone seriously using XML will have their own up to date install of libXML2 via MacPorts or Homebrew. The same goes for the rest of the POSIX stuff: this should all be managed outside the OS so that it can easily be kept up to date with upstream security fixes.

    Get with it Apple!

    1. Anonymous Coward

      Upstream security fixes?

      Are you seriously suggesting that Apple should set things up so that the libxml devs can deliver patches directly to people's iOS devices as an app or something?

      I'm sure that would go over well when they deliver a buggy update that crashes something important that iOS relies upon....

  6. cnd

    Left in the cold

    You can't seriously expect us to believe they fixed all those at one time. What basically is going on here, is that they have CLEARLY sat on a gigantic pile of critical bugs for an extended period of time, before bothering to fix them.

    Why were these not fixed and patched as soon as they were found?

    How big is the existing pile of stuff they're saving-up for next time?

    Here is another bug for them to deal with; they pre-reserved a bunch of CVE numbers specifically for their internal critical security issues (eg: CVE-2016-1739), so we know for certain there are at the very least 7 more critical problems unpatched so far, just from the 17xx series alone. We also know they've been sitting on some of these since April last year.

    And, if you watch the news, you also now know that the FBI cracked Apple security without help from Apple now as well, so their stuff is proven useless all over again.

  7. Amos1

    DO NOT install v9.3 if you have an iPad!

    Many people, including me, are reporting that this update causes your iPad to be stuck on an "Unable to activate. Please try later or connect to iTunes" screen. And if you connect to iTunes, it still does not activate. If you boot into Recovery mode and attempt the 9.3 update again, iTunes will tell you to try the 9.3 update, download it, apply it and still does not work. Mine just finished restoring to 9.2.1 right now, which is the only reported fix.

    While I have an old iPad 2 people are reporting this on various models including the much newer iPad Air 1.

    1. Anonymous Coward

      Re: DO NOT install v9.3 if you have an iPad!

      Mine worked. 3rd generation iPad, no problem, although I tend to make sure I have at least 6GB free before I go near an update (usually take off the music and re-sync that later as it goes quite fast over USB3).

  8. Amos1

    v9.3 update and iPads - This is weird

    I started the v9.2.1 restore late last night and when I came down this morning it appeared to be working but still needed all of the setup stuff. It just finished the setup process and Settings says it is now on v9.3. I never told it to proceed with the v9.3 update but it apparently did it by itself when it was connected to iTunes. I'm OK with that but it's still weird.

  9. timnich

    So who needs Apple's help to crack an Apple phone then?

    Just wondering if any of these will make it harder for the Feds to crack *that* phone without Apple's help...

    1. Pascal Monett Silver badge

      Reality check

      Because you think the Feds are going to trouble themselves with updating that phone?

      That said, if they do manage to update the phone before cracking it, I'll stop making fun of government firewall administrators ever again.

      Promise.

      1. Anonymous Coward

        Re: Reality check

        They could easily do it. Just have iTunes running on a PC, connect the phone to the PC's USB port, and install the update. There is nothing difficult about installing an OS on a locked phone, Apple deliberately made that easy so you can recover from a bad flash.

        They have announced they are going to change this soon, now that the FBI wants Apple to use it against themselves. Perhaps this is already changed on iOS 9.3, I have seen the list of security fixes but that isn't a security fix as such so it would be listed elsewhere.

        Of course the FBI gains nothing by doing this, and risks Apple having made changes that make whatever method they are going to use to get into themselves more difficult, so upgrading the OS now would make changing the iCloud password look like a genius move by comparison!

  10. Mike 16 Silver badge

    Keeping safe and up to date.

    Maybe I'm just in a pocket universe that somehow allows access to ElReg in the universe wherein folks have no problems with Apple updates, but I think the last OS X update in my experience that was "safe" (did not brick the system, did not introduce security or severe performance issues) was 10.6.8. I had to up my wife's MacBook Pro from 4GB to 16GB when I put Yosemite on it, to tame the near-constant beach-balling when running such demanding tasks as Pages and Firefox (with few windows each).

    I would really like to believe that an OS X "update" in the near future will not make things worse while making things better (not just easier to monetize via iTunes), but then, I'd like to believe that somehow, by November, there will be a viable, sane candidate for U.S. President.

    1. Anonymous C0ward

      Re: Keeping safe and up to date.

      Meh, I'm already half way there. I'm using the beta.

  11. scottypop

    iOS 9.3 update locks out iPad

    I downloaded the iOS 9.3 update to my iPad2. Seemed to install OK but I cannot activate the iPad as it tells me Apple's activation server won't connect. Tried many times. Forced restart and repeated. Apple's online tech said to connect via USB to iTunes. My MacPro sees the iPad but tells me it cannot verify it and that I need to take my iPad to an Apple store. Effectively, I have a dead iPad. NOT GOOD.

    1. CrossChris

      Re: iOS 9.3 update locks out iPad

      Moral?

      Don't ever tie yourself down with closed-source software. It doesn't seem to matter - Apple or MS - they're both guilty of screwing up patches, often without a viable reversion path. You really do get what you've (over)paid for!

  12. rkiwi

    My Macbook is on OSX 10.11.3 and there is no sign of 10.11.4 in the software update area

  13. scottypop

    OS 9.3 update locks out of iPad

    Downloaded the new OS on to my iPad 2. Now I can't connect to Apple's activation server to activate the iPad. Following Apple's online advice I tried to connect through USB to iTunes on a MacPro. No luck as iTunes cannot verify the iPad and tells me to go to an Apple store for help. Effectively my iPad is dead.
