Who runs Itunes on a PC ?
It's 2017 – and your Mac, iPad, iPhone can all be pwned by an e-book
Apple has released security updates for both of its main operating systems, along with iTunes, Apple Watch, and Apple TV. All should be installed as soon as possible before they are exploited by miscreants. The updates, numbering seven in total, include fixes for security vulnerabilities in the Safari browser and WebKit engine …
COMMENTS
-
-
Tuesday 16th May 2017 07:12 GMT Anonymous Coward
Re: Greedy Apple!
To be honest, I am neither upset with Apple or Microsoft for flagging products end of life and then treating them as, well, end of life. The only issue is that Apple hardware does tend to last (I even have an iPhone 3s in a drawer somewhere that actually still works), but I rather have software obsolescence than a hardware one.
I don't expect hardware to last beyond 4..5 years (not without MTBF to rise), and in the hands of my kids I'm impressed if it survives two :).
-
Tuesday 16th May 2017 09:40 GMT Anonymous Coward
Re: Greedy Apple!
But no updates for my iPhone 4S. Disgusted that Apple are hoarding fixes!
Yes, but Apple (unlike MIcrosoft) aren't hypocritically and publicly criticising Security Services for hoarding vunerabilities and then shown to be hoarding their own patches. An ever rising custom support package at >$400 per machine, per year for an organisation like the NHS, is corporate Ransomware in my book.
It really comes down to a clash of culture between the US and the British. We have free health care (at the point of use) and we expect the NHS to be treated with due respect and kindness for what it does, not exploited to the hilt, for profit.
You can be rich and never use the NHS for most of your life, but one day your luck can change and the NHS is one of those safety nets, we should all treat very dearly, because with today's society it would never happen from scratch again.
It grew out of a time, where there was a lot of goodwill around to make the NHS dream happen.
-
-
Tuesday 16th May 2017 16:19 GMT Anonymous Coward
Re: Greedy Apple!
Apple hardware tends to last? I've not seen an iPhone in someone's hand without a crack in it.My daughters spent more on new screens than the phone cost.
I don't blame the hardware for that, because that's not just Apple. That's just how kids treat the gear and frankly, giving gear to kids should be a standard part for milspec testing. There's no greater destructive force than a group of 5 year olds or a drunk bunch of teenagers..
-
Tuesday 16th May 2017 16:59 GMT Anonymous Coward
Re: Greedy Apple!
I don't blame the hardware for that, because that's not just Apple.
It may not be only Apple, but since Apple & Samsung want to charge premium prices, shouldn't they both get off their lazy, lazy backsides, and do what Motorola offered with the X-Force a year and a half ago?
Wireless charging? Pffttt.
NFC payments? Yaawwwwwwnn.
16:9 screens? Ptooh.
Wrap round dispays? Nahhh.
Fingerprint and eyeball readers? Nope.
Now offer me a really decent phone that's not fragile as a snowflake, now that's worth having - second only to order-of-magnitude improvement in battery life.
-
-
Wednesday 17th May 2017 01:30 GMT Truckle The Uncivil
Re: Greedy Apple!
No doubt your daughters just throw their phone in their handbag, just as mine did. It stopped when I pointed out that neither their brother nor their father had to replace phones or screens every six months. Now they keep them in the pockets of their handbags (as do I) there are no problems.
-
-
-
-
Tuesday 16th May 2017 06:08 GMT cb7
So much for
That "really secure" Unix foundation.
"and a pair of flaws in iBooks (CVE-2017-2497, CVE-2017-6981) that allow ebooks to open arbitrary websites and execute code with root privilege"
There's no denying it's a more secure model, but these patches just go to show that flaws and vulnerabilities can be found in almost all software.
-
-
Tuesday 16th May 2017 07:16 GMT Anonymous Coward
Re: So much for
Why on all earth does a normal application have stuff running as root?
An excellent question, and one that most software providers cannot justify. The only thing that needs root level access is something that needs drivers to work - even daemons should be able to work at user level. Furthermore, I would be very happy installing software so it would only work for my user account instead for all accounts I may somehow establish in a dim and distant future.
Given that root/admin levels are the path for a lot of malware to gain a permanent foothold you'd expect SW suppliers to fix that, but so far the signs are not good on macos as well as Windows. Even Linux tends to demand root level privileges to install applications.
-
Tuesday 16th May 2017 09:27 GMT Anonymous Coward
Google Chrome will ask for escalated privileges, even though it will install without.
An interesting qwirk, is Google Chrome will still install even if you deny it Escalated Privileges in Windows. It seems to be Google Update that needs it, not Google Chrome itself.
Interesting, in that Google go for the jugular to get as much Administrator "root" Rights, as possible (by default) but back off when you actually say, "Hold on, what do you need escalated privileges for, you're just installing a App/Browser"
-
Wednesday 17th May 2017 13:05 GMT Anonymous Coward
Re: Google Chrome will ask for escalated privileges, even though it will install without.
>> An interesting qwirk, is Google Chrome will still install even if you deny it Escalated Privileges in Windows. It seems to be Google Update that needs it, not Google Chrome itself.!
It's very annoyingly deliberate to allow people to install it in restricted rights situations and in companies, etc. We block all the download URLs for it as Chrome is one of the worst browsers on the planet for security vulnerability counts.
-
Thursday 18th May 2017 08:37 GMT Anonymous Coward
Re: Google Chrome will ask for escalated privileges, even though it will install without.
"...one of the worst browsers on the planet for security vulnerability counts."
But one of the lowest if you map out the relative severity of the vulnerabilities. Compare to IE, with fewer total vulnerabilities but far more severe-rated (e.g. arbitrary code execution) ones.
-
-
-
-
Tuesday 16th May 2017 09:46 GMT Eclectic Man
Re: So much for
"Why on all earth does a normal application have stuff running as root?"
No idea. When I was a sysadmin for a cluster of Sun Workstations (tells you how old I am), we had a graphics package call SunAlis. It had to run with root privileges, so once a user had sent something to the printer, only I could stop it, and it had the 'feature' that if a diagram got to over 2Mb in size (it was a long time ago), it crashed and you lost the whole thing.
Deleting it was a relief, and the only time I have, as root, actually typed in "rm - r *.*" and hit 'return'.
-
-
-
Tuesday 16th May 2017 06:49 GMT Anonymous Coward
I'd love to install the IPad security updates, but first I need to find a friendly wifi network.
I have an IPad with unlimited LTE, but Apple has a 100MB limit for downloading apps and OS updates. The app restriction I can bypass... but not the OS updates.
How stupid is that? This is one area where Apple is living in the past.
-
Tuesday 16th May 2017 12:57 GMT JibberJabberBadger
So that's why it's asking me to connect my iPhone7 to my wireless network - which is a pain as living in a major city in Australia means my home internet is piss-poor, especially given that it rained today, so it's considerably slower than my mobile connection... about 28 mins remaining for the download...
-
-
Tuesday 16th May 2017 09:45 GMT Anonymous Coward
IWatch...intelligent strap-ons coming soon
the eye-watch, hmm, it sort-of was a fairly pointless/useless product when I bought it - tho' it allegedly is now quietly wiping the floor with all the other wearables. (mostly as it is nearly accurate enough for "sport" use)
Following Apple's alleged hiring of 200 bioengineering PhD's, when their allegedly non-invasive 'real-time' blood-glucose mmol/litre sensing i-strap comes out, sales might get even better! (but will it need the other i-strap composed of mostly batteries, that is also being rumored?)
Personally, I made sure to buy iWatch version 0 when version 1 came out, at a great price (I recently bought the last Pebble too, at a better discount, once fitbit had embraced & extinguished that) as buying last year's tech is quite a good way to enjoy these products, that are not yet obsolete, might end up in a niche market rather than a drawer? still worth watching
-
Tuesday 16th May 2017 15:13 GMT Naselus
Re: IWatch...intelligent strap-ons coming soon
" it sort-of was a fairly pointless/useless product when I bought it - tho' it allegedly is now quietly wiping the floor with all the other wearables."
Worth noting that's still not exactly a high bar. Wearables still haven't actually found a good reason to exist yet, so wiping the floor with the competition is like being the hardest kid in preschool.
-
-