back to article Apple emits iOS, iPadOS, watchOS, macOS patches to fix three hijack-my-device flaws exploited in the wild

Apple on Thursday issued security updates for iOS, iPadOS, watchOS, and macOS that address three holes reported by Google's Project Zero bug hunters among exploitable flaws found by others. Installing the latest software for your iPhone, iPad and so on will address these programming blunders. The iPhone giant's security …

  1. RM Myers Silver badge
    FAIL

    Security update - shirley not

    My iPhone says this update "includes over 100 new emoji, introduces eight new wallpapers, and brings other new enhancements and bug fixes for your iPhone."

    The only mention of security is the standard phrase they add to every IOS update: "For information on the security content of Apple software updates, please visit this website: https://support.apple.com/HT201222".

    That definitely doesn't sound like a security fix to me. Without the El Reg article, I would have assumed this was an optional update that could be safely ignored.

    1. Anonymous Coward
      Anonymous Coward

      Re: Security update - shirley not

      Via that page you get to the Apple iOS/iPadOS security update page which details the flaw.

      It appears Apple has for once managed to beat Microsoft in risk exposure by not only have the OS susceptible to a malicious images (which, to be fair, has only been around for what? 20 years or so?), but also to fonts and even SOUND, and it appears this is actively being exploited.

      Was someone asleep at the wheel when they rolled out 14.1?

      On the plus side, this appears to be at least a relatively painless update, without making it initially appear you have just zapped the phone when it reboots. My phones went through it without any hitch. Interesting detail: all the iPadOS beta testers ALSO get this update pushed.

      1. Anonymous Coward
        Anonymous Coward

        Re: Security update - shirley not

        "Was someone asleep at the wheel when they rolled out 14.1"

        yes the issues where glaringly obvious flashing red & yellow with a loud klaxon blaring and the quality team at apple just clicked the ignore/ok button to pass through it and compile the previous release.

        it was so obvious an issue, my dead dog i never had would have spotted it.

    2. anonanonanonanonanon

      Re: Security update - shirley not

      The 14.2 which is the new iOS version, which includes new features and security updates

      There's also 12.4.9 which is for older phones that don't support the latest iOS, which is just the security updates

      1. DS999 Silver badge

        Re: Security update - shirley not

        I don't have an older iPhone but I'm happy to see Apple is continuing to support iOS 12.x for now seven year old models!

  2. Anonymous Coward
    Anonymous Coward

    Since upgrading the Apple mail app is unable to stay logged into outlook.com for more than a few minutes at a time

    1. Anonymous Coward
      Anonymous Coward

      That's actually a good thing. You don't want to be using that :).

  3. Fred Flintstone Gold badge

    Bad timing

    From a date perspective, next week Friday would have been more fun :)

  4. Anonymous Coward
    Anonymous Coward

    Then use the Outlook app like a sane person?

  5. sgp Bronze badge

    Shirley

    The title should have been: "It's 2020 and your iThingy can be pwned by a malicious font."

    Mind you, I'm glad to see the inane "pwned" is appearing less on these pages..

  6. Anonymous Coward
    Anonymous Coward

    Updates

    I’ll be glad when Washington finally finishes its long overdue “Update”

  7. -tim
    Facepalm

    Aged computers?

    How many hundreds of millions of machines should be getting this patch but aren't because they are no longer in support? This shouldn't be much more than 100 byte patch.

    The local criminal incompetency statutes don't have a statute of limitations and don't mention "out of support" at all. If you sold the hardware, you have a legal requirement to fix design deficiencies indefinitely or replace or refund the equipment.

    When your engineering can harm third parties, there is no hiding behind corporate connivence.

    1. Robert Carnegie Silver badge

      Re: Aged computers?

      Clearly it’s not against the law as you claimed to leave holes in out of warranty and support life devices’ software.

      I do have concerns, but not complaints precisely:

      I bought an iPhone 6 maybe a couple of years ago, from a secondhand dealer, and I was able to install them current iOS as I expected. But there were a lot of older, some probably unsupported phones in the store. Some of these probably have idiotic bugs such as bricking or being rooted if someone sends you a type of malicious SMS, and you’re stuck with that behaviour. Removing these from service would seem unfair, but they’re dangerous to have around.

      I bought an iPhone 7 for iOS 13 I think - in the same way - because the iOS doesn’t run on the 6 and so I assumed that support was ended. But clearly it isn’t ended since there are ongoing updates for iOS 12, so I upgraded too soon. Anyone want to buy an iPhone 6... maybe I’ll ask the family.

      So it seems to be incorrect that this phone is “unsupported” as the story says, but I haven’t seen official information about it?

      Oh, and I had to cut the camera hole in my phone case to be larger. I have a set of pictures with one corner blacked out..,

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021