back to article Apple patches iPhone and macOS flaws under active attack

Apple has pushed out five security fixes including two vulnerabilities in its iPhones, iPads and Mac operating systems that are already being exploited. One of these, tracked as CVE-2022-32917, can be used to allow malicious applications to execute arbitrary code with kernel privileges. "Apple is aware of a report that this …

  1. Ace2 Silver badge

    “So it's your call whether Ted Lasso is worth the risk.”

    What is the attack vector for AppleTV? Mostly we use it to watch Netflix etc. Maybe putting up a poisoned Youtube vid and trying to trick people to watch it?

    Maybe poisoned ads?

    1. BebopWeBop

      Given the integration with iCloud I could imagine it might well be a chink in Apples security if not patched.

    2. Charlie Clark Silver badge

      If it's an OS vulnerability then drive-by attacks might be possible.

      1. TRT Silver badge

        One thing I've discovered, since regretfully now switch over to Plasma Cloud* for my network, is that whilst Macs and iPhones idle their WiFi connections when not in use, AppleTV (especially the 4K version) keeps its connections up and running at full pelt 24/7/365. No idling, even in standby mode.

        I've no idea what the security implications of that are - constant renegotiation of rate or an always-on connection.

        * I mean, hats off to them for what they've done after Datto shat in the swimming pool, but it don't quite work as you'd expect! Makes my hobbyist IoT tinkering a lot more difficult now.

        1. Charlie Clark Silver badge

          Not sure if their attack surface is that much greater but constant power use probably isn't the best thing. For something as dumb as Apple TV, you'd think that the OS could probably run on a read-only file system, which should seriously limit attacks.

          Anyway for us plebs still ob Catalina there's no update. I don't know whether that's because we're plebs or because we don't have enough IOS to worry.

          1. O RLY

            Yeah, Catalina should be supported for a few more months. I wonder if the issues are related to the new bits in macOS 11 and 12 not present in the 10.15 code.

            Apple's typically opaque release notes lend no insight.

        2. Nifty Silver badge

          "AppleTV (especially the 4K version) keeps its connections up and running at full pelt 24/7/365."

          Don't all streaming sticks/boxes/pucks that have WiFi remote controls keep their WiFi on? Otherwise how do you wake them up to stream, with a remote? Bring back IR remotes may be an energy saving strategy.

          "Since January 2017 networked standby devices must not consume more than 3 to 12 Watts depending on the product."

          (The UK is sticking to the above EU rule)

          1. TRT Silver badge

            By dropping back to a 802.11a (2.4GHz), you can save energy. Provided the connection is there and you can hear and talk to the WAP to pass just a few keep alive packets every minute you don't need the bit rates and low latency that 2.4GHz/5GHz 802.11ac/ax/be gets you with its time-division and channel-multiplexing, and fancy-schmancy signal processing and MIMO etc. If you have a WiFi connected remote, then WOL can renegotiate the WiFi and bring up the connection quite rapidly - as fast as it takes a TV to switch input, negotiate the HDMI and audio standards and warm up the LED backlight (if it has one). Heck, you don't even need to turn on those higher rate standards until you need the bandwidth. You wouldn't notice the difference between 54mbps and 433mbps when scrolling through the Netflix or TV+ menus.

            It's a bit like BLE. And why not use BLE as a remote technology? Allows you to hide your streamer away behind the TV (like a fire stick) where IR can't reach.

  2. 45RPM Silver badge

    You don’t need an Apple device to watch Ted Lasso. Just an AppleTV+ subscription. And you can get that on a Samsung or Sony TV (and, doubtless, other brands as well). It’s well worth it by the way, not only for Ted Lasso but also for The Morning Show, Bad Sisters, See, For All Mankind…

    But as for whether an Apple Device is worth the risk, yes and a thousand times yes. For my use cases and preferences it’s by far the superior system. If it doesn’t work for you then that’s cool, it won’t spoil my day, pick what you prefer. But don’t kid yourself that your choice is risk free.

    1. CledusSnow

      +1 for The Morning Show - great TV!

    2. Sandtitz Silver badge
      Thumb Down

      You don’t need an Apple device to watch Ted Lasso. Just an AppleTV+ subscription. And you can get that on a Samsung or Sony TV (and, doubtless, other brands as well). It’s well worth it by the way, not only for Ted Lasso but also for The Morning Show, Bad Sisters, See, For All Mankind…

      AppleTV+ is a shit show.

      My daughter received a new iPhone last year and it included 3 months worth of AppleTV.

      I watched all content forth watching easily in that time, maybe 5 movies (=50% of all AppleTV+ movie content!), and a couple TV series. It is baffling how empty the store is. Windows App Store looks packed to brim compared to AppleTV+. It's like arriving at an empty airplane hangar.

      For All Mankind is a great show. Ted Lasso also worked for me. Foundation looked good but it's mostly empty and has quite nothing to do with the Asimov books.

      Unlike Netflix, AppleTV+ only has content produced by Apple. They also offer other content through their service but you need to pay for them.

      Because Apple has started producing movies, TV shows and documentaries only quite recently, it is hard to justify buying into AppleTV+ when all the competition has hundred times (and probably more) more material available for roughly the same price.

      Perhaps Apple is aiming only for quality, although it's mostly mediocre. IMHO, Netflix typically has maybe one good movie/series among 10-20 new (crappy) ones But they have done this much longer so there's a whole lot more good stuff to watch. And if you run out of their original programming, there's a whole lot more of classic TV series from Monty Python to ST:TNG to Seinfeld and whatnot.

      Outside of iThings, Apple only produces an app for AndroidTV, but nothing for Android phones / tablets. Due to this I ended up watching everything on my Android tablet / PC laptop at AppleTV+ website with browser. Unpleasant and I ended up canceling the subscription before the trial ended.

  3. Kevin McMurtrie Silver badge
    Big Brother

    "actively exploited"

    Nothing gets a security patch out like an exploit that might give you root access to your own phone.

  4. VTAMguy

    Over and over and over and over and over. And not just sporadically, more like constantly. And not just Apple, the whole lot of them. They don't ever get better at it, and the dimwit/average/genius bell curve at these towers of programming brilliance is seeming less spectactular than ever and more just like anyplace else with a computer and internet connection.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like