Huge news from Apple: No, not mags, games or TV – more than 50 security bugs to patch

In addition to teasing the world with a glimpse of subscription services for newspapers and magazines, gaming, and video entertainment, Apple on Monday released iOS 12.2, which patches 51 security vulnerabilities. The fruit-themed company's fixes cover some serious flaws and should be applied as soon as possible. Apple fixed …

  1. HolySchmoley

    >teasing the world with a glimpse

    Announcing?

    1. Anonymous Coward

      teasing the world with a glimpse

      At least they didn't describe it as "opening their kimono". There's just something particularly sleazy-sounding (not to mention sexist and perhaps somewhat misogynist and exploitative) about that particular phrase, and I really just do not understand why certain Reg hacks seem to have a special attraction to it.

      (Perhaps in the case of Apple, it might be more appropriate and egalitarian to refer to Tim Cook teasing us with his budgie-smugglers, but I'm not really convinced that that would be a very mature way to refer to news announcements either.)

  2. Anonymous Coward

    Patch Keynote

    Once again, this raises the question of whether Apple should tie their security patch schedule to major media events. This isn't "Patch Tuesday", it's "Patch Keynote".

    To be fair, the fruity tat reseller has issued out of plan security patches when needed in the past. Many of the CVEs fixed in these releases are not yet widespread if at all.

    1. Locky

      Re: Patch Keynote

      Apple are still living in the past, when they happily told the world that their software couldn't be affected by malware

      Can we not just patch vulnerabilities as and when the fixes are tested stable?

      Sorry, I know. Mine's the one with the rose-tinted glasses in the pocket

      1. Stuart Castle Silver badge

        Re: Patch Keynote

        While I do think a lot of Apple users are living in the past, I don't think Apple are. They've generally been fairly good at patching things relatively quickly, and getting those patches installed by a lot of users.

        Not perfect by any means, but they've done a good job. At least they haven't done a Microsoft, and put tracking systems in that have caused users who fear their privacy being invaded to disable the update mechanism in case it installs spyware.

        As for patching vulnerabilities as and when they happen, what would you prefer? That your phone or computer be exposed for a couple of days longer, or that you have to reboot the thing 51 times in a few days?

      2. gnasher729 Silver badge

        Re: Patch Keynote

        There are vulnerabilities, and then there's the question how you can affect a user through that vulnerability.

      3. Anonymous Coward

        Re: Patch Keynote

        How exactly do you "patch them as and when the fixes are tested stable" if they have to test every fix individually instead of in batches? The chances of one fix conflicting with another at some point would be pretty large, and people would have "update fatigue" if they were notified of a new iOS update on a near daily basis.

        There's no need to rush patches if there are no known exploits in the wild. If something is being actively exploited Apple has been good about doing a x.y.z release within a week of becoming aware of the issue.

        There's a reason why Microsoft adopted "patch Tuesday" instead of dribbling out fixes on an ad hoc basis, after all. And they do the same thing where if something is serious, they will issue an out of cycle fix without waiting for the next applicable Tuesday.

        1. Anonymous Coward

          Re: Patch Keynote

          Microsoft rolled out patch Tuesday to prevent people from becoming too aware just how many patches they rolled out after any release - people couldn't actually get any work done.

    2. Ian Joyner Bronze badge

      Re: Patch Keynote

      "fruity tat reseller"

      Tat?

      These most advanced machines that humanity have ever produced. The company that defines the form factors that the rest follow. You call it 'tat'? Wow that is some arrogance there.

      1. Anonymous Coward

        Re: Patch Keynote

        No, no, that is called "being populist", get with it already.

        1. Ian Joyner Bronze badge

          Re: Patch Keynote

          "No, no, that is called "being populist", get with it already."

          Are you referring to Apple being populist? Wrong. Apple introduced these technologies without any guarantee that they would be accepted. They introduced the Macintosh at great risk. Similarly with the iPhone. Being populist is doing whatever the people are wanting and saying they want. Apple introduced these products with no demand. They took a risk in saying "this is what we think the future of computing will be". There was no demand for it, no populism.

          Now after Apple introduced the products and the market accepted them, the competition saw that market and introduced similar products to feed that market. Now that was being populist.

          1. Anonymous Coward

            Re: Patch Keynote

            Are you referring to Apple being populist.

            Umm, no.. I know it's for humorous effect, like everything! Yahoo! has! to! have! an! exclamation! mark!, but it gets a bit tired after a while.

            For me personally it also introduces a feel of bias in the reporting which I will then have to offset, which the Yahoo! exclamation mark joke does not because it has no positive or negative connotations in itself, "tat" has. But that's my personal opinion, your mileage may differ :).

  3. Khaptain Silver badge

    Huge news from Apple ?

    Why is this "huge news".. It's not like they didn't know that they had problems : proof, they patched them...

    Huge News would have been a price reduction, at least to a reasonable level...

    Huge News would have a less kiddy like interface.

    Huge News would have been a user replaceable battery, or insertable memory or a less walled garden...

    Click bait : Oh yes, just as Huge as Apple's announcement. Cynical, who me .......

    1. Mr Benny

      Re: Huge news from Apple ?

      "Huge News would have a less kiddy like interface."

      iOS or MacOS? The iOS interface is no worse than various Android offerings and while the MacOS GUI might be a refugee from the 1980s (the days of needing a fixed menu bar at the top are 30 years gone) it's certainly not childish and a lot more usable than anything MS are dishing up these days.

      1. Ian Joyner Bronze badge

        Re: Huge news from Apple ?

        Mac GUI is certainly not a refugee from the 1980s.

        "the days of needing a fixed menu bar at the top are 30 years gone"

        No, this is fundamental to the Mac GUI design. It is known as Fitts's Law, that says to make it easy to hit a target. The edge of the screen is easy to hit – anything in the middle is much harder to hit. Mac users just flick the pointer towards the menu, Windows users must carefully put the cursor over the menu item.

        Here is the explanation:

        https://asktog.com/atc/principles-of-interaction-design/#fittsLaw

        1. Mr Benny

          Re: Huge news from Apple ?

          Menus belong at the top of the window, not at the top of the screen and it's rather confusing when you think one app has focus but the finder bar has options for a completely different one and then to get the menu you want you app to click on one of the app windows THEN move the mouse to the finder bar. It's asinine.

          "anything in the middle is much harder to hit."

          Sure, if you're 90 and have arthritis, poor eyesight and bad co-ordination it might be an issue to move a mouse to the top of a window accurately, otherwise that's BS.

          Whoever Fitt was he's talking out of his backside, the finder bar is a PITA.

          1. Ian Joyner Bronze badge

            Re: Huge news from Apple ?

            Mr Benny - it is you who are "talking out of your backside" to put it in your terms. You don't understand Fitts's Law so you dismiss it. Read the references. It has nothing to do with your condescending attitude to the old. Anything at the edge of the screen IS easier to hit.

            It is also why Macintosh users really USE the whole screen. Microsoft Windows way to use the whole screen is just to maximise a single window to the whole screen. That is actually against the philosophy of a window as invented by Alan Kay. Despite calling their system Windows, Microsoft really doesn't understand windows.

  4. RAMstein

    Update if you want the new emojis!

    This is a good thing btw - anything to get users to stay up-to-date with the latest security patches.

  5. Highinthemountains

    A good point about security

    The author made a good point when he said:

    "These are the types of bugs that advanced (nation-state) adversaries exploit to remotely infect targets," said Wardle, who lamented that Apple's iOS platform rules disallow security tools that could thwart or at least detect this sort of attack.

    Just about every computing platform has some sort of antivirus or anti malware product available for it except iPads and iPhones. With as many vulnerabilities that are being patched you’d think that Apple would come up with their own software, à la Windows Defender, or allow 3rd party apps to help secure their supposedly “secure” devices.

  6. Ian Joyner Bronze badge

    Good to see Apple are on the job

    It is good to see Apple fixing these problems – some found by them, some reported by others either in research or practice. This is the way it should work.

    Just remember that Apple has a more secure system than both Linux or Windows. This is actually in the fundamental design. Linux has 22 million lines in the kernel. The kernel should be the smallest process supervisor, maybe 10s of thousands of lines of code. If a process fails, it fails independently. But in Linux wayward device drivers could bring down the whole lot. This also causes a problem for security as well. Instead of dangerous inter-process calls being brokered, for speed Linux allows things to be directly connected. Those problems are by architecture and can't be fixed.

    https://github.com/satoru-takeuchi/linux-kernel-statistics

    1. Anonymous Coward

      Re: Good to see Apple are on the job

      OK, but to be fair, that is a balance we have to accept if we want Linux to work everywhere (Microsoft has the same problem, just can't be bothered to put as much effort into doing it right - it just blames everyone else. A bit like Trump).

      Apple's main advantage is that it has 100% control over the equipment it runs on, whereas Linux runs on so many different platforms it's impossible to keep track - it is a *fantastic* achievement and testament to the original UNIX design that it does very well despite that.

      That said, that also creates a problem for Apple: it is 100% itself responsible for the problems that show up and for producing fixes, whereas with Linux you can sometimes have initial patches within hours of publication of a problem because everyone has access to the source code.

      Security is always a matter of choosing which risks you can live with and which you address, also driven by available resources (budget, people, time). I think both Apple and Linux are not too shabby at it.

      1. Ian Joyner Bronze badge

        Re: Good to see Apple are on the job

        Linux everywhere - let's hope not. Linux is good in the server space, but not the end-user space. In my original post I pointed out that the Linux kernel is 22 million lines. Any one of those lines crashes or has a security weakness, it affects the whole lot.

        Apple's BSD Mach based system has a real kernel that isolates the drivers and other software elements from each other. If there is a line that crashes in there it only takes down that one component, not the whole lot. Security issues are similarly isolated and checked.

        "Security is always a matter of choosing which risks you can live with and which you address"

        No it is NOT just a matter of what you can live with – the topic is far more complex and has many more solutions than that.

        You are right they are both not too bad at it, but Linux depends on how well written it is. While Apple's core is also well written, it does not depend on that.

  7. Anonymous Coward

    Small tip: reboot once more after update

    Most of these updates come with post-reboot clean up processes.

    Usually they self terminate, but if you want to be certain you give it 5 minutes and then reboot once more. That'll clean them out.

  8. wownwow

    Better than NO effective patch like Intel's "Spoiler Inside"!

    It's amazing that datacenters and businesses, as usual like nothing happened, continue using the products that have the security problem with NO effective patch, e.g. Intel "Spoiler Inside" CPUs!

  9. M.V. Lipvig

    Good news for Apple, I guess...

    They finally have enough market share that criminals consider them worth attacking.

    1. Ian Joyner Bronze badge

      Re: Good news for Apple, I guess...

      And good news for Apple customers because the Apple systems really are more secure.

      1. Anonymous Coward

        Re: Good news for Apple, I guess...

        I'd rather say "easier to secure". I am wary of giving any end user the impression that it's all 100% OK so they no longer have to be cautious themselves. Part of security is to establish sane habits.
