Sign in / up

back to article Apple drags its heels on iPhone security patches

Apple has failed to keep software for the iPhone up to date with patches available for its desktop PCs. The latest version of the software for the iPhone, 1.1.4, came out in February and is essentially a pared-down version of Mac OS 10.5, according to security researchers. As a result the Jesus phone is still vulnerable to an …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. Andy

    Huh?

    "Security watchers speculate that Apple has been focused on developing software for the next generation of the iPhone rather than addressing problems with version 1.x of the iPhone software."

    Well... Seeing as 2.0 is a free upgrade, then surely working on that *is* addressing problems with version 1.x...?

    Having known vulnerabilities unfixed sucks, but then at least there are regular upgrades with fixes included. Can't say that about most smartphones.

    0 0
  2. Ed

    I'm shocked...

    ...oh, hang on. No I'm not.

    0 0
  3. jai
    Jobs Halo

    a little late for this news?

    surely the next version of this software will be version 2.0

    that will be available for the original iPhone and the iPhone 3G

    and it's rumoured to be released in 6days 14hours 52minutes and 25seconds

    or are you just writing this article now so that in almost a week's time you can feel smug that Apple obviously listened to you?

    0 0
  4. Giles Jones Gold badge

    Difference is..

    Other handset manufacturers get around this by releasing phones with very crippled browsers that are secure by being next to useless.

    Windows Mobile phones aren't updated that regularly either, in fact it is up to the handset OEM to produce a firmware upgrade. Often they don't as they want you to buy another handset.

    Not saying Apple is right, but slow updates are fairly normal in the mobile arena.

    0 0
  5. James
    Paris Hilton

    @Huh?

    You can get the latest firmwares for almost any smartphone at service centres. Nokia now allow users to download new firmware and flash their phones from their PC at home. These all contain bugfixes and new features.

    Paris flashes in public.

    0 0
  6. J Welek
    Black Helicopters

    Service centre updates?! LOL

    Alas, getting service centre updates can be nigh on impossible if the carrier hasn't approved/added their own branded junk to (delete as appl.) it. Try asking Orange N95 owners about that one. For once, I think that Apple have done the right thing with this - Perhaps slower than a desktop security update, but a hell of a lot quicker than any S60/WM6 update...hell, do we really know what flaws are on those platforms.

    That's all obviously assuming this flaw IS corrected in the new v.2.0! ;)

    0 0
  7. Webster Phreaky
    Jobs Horns

    Apple Doesn't Know How Too Patch Wholes and Bugs ....

    But Apple SURE IS Good at creating them on everything from OS X, the iPhony to their own iApps. It's HISTORY and it's DOCUMENTED ... all you have to do is read any Apple Self-help site like macfixit and their archives.

    Apple is 20 Times Worse than MS!

    0 0
  8. Chad H.

    Pfft

    I'm more worried about the fact a guy at work can SSH into an iphone connected onto the same WIFI network as his PC, login as Root (using a username and password that is apparently the same on every single iPhone), and then, well, when you have root access, what can't you do?

    0 0
  9. Bad Beaver

    Somebody...

    ... hand Webster a towel. Uh, no, I see I'm late... somebody hand Webster a scraper.

    0 0
  10. Marvin the Martian
    Stop

    iPhone?

    I thought the standard label was "JesusPhone"? Or has that become problematic since the second coming/ update?

    0 0
  11. Chris

    @Pfft

    I could be wrong, but I believe you need to have jailbroken the iphone for that, and installed SSH - which, quite frankly, if you are doing all of that you need to reset the root password. It's more of a flaw with the application that is being installed, and less with the phone.

    0 0
  12. Benny
    Happy

    Phew

    Phreaky is still around, I was getting worried.

    Oh ok, im bored...

    But Microsoft SURE IS Good at creating them on everything from Windows, the WinMobile to their own Office apps. It's HISTORY and it's DOCUMENTED ... all you have to do is read any Microsoft Self-help site like google and their archives.

    Microsoft is 20 Times Worse than Apple!

    0 0
  13. Funky Gibbon
    Alien

    @Chad H. .... mmmm FUD for breakfast

    ..but don't forget a couple of oh so minor steps prior to logging in as root...

    - Turn on OpenSSH on the iPhone

    - Oh, but then you would mean you have to have OpenSSH installed first

    - dang! that would mean you need to install the BSD Subsystem beforehand

    - ahhhh and that would require to have a community repository on the iPhone too such as installer.app

    - ding! to install installer.app the iPhone would have to be jailbroken right?

    I mean, unless I missed Apples iPhone 'Hacker Edition' shipping with all this enabled, I cannot see how actively going through the (reverse) steps above is a security issue.

    Any IT person who has gone through the above steps and requires OpenSSH on at all times, would actively set their root password, while a dumbass blindly following someones ego-driven blog online would also follow the instruction (that most tutorials post) to *change your root password* if using this feature. Either that or they will brick the fucken thing and create the most secure phone ever, one that doesn't work.

    Finally, given a couple of days leaving OpenSSH on 24/7, any sane person would turn it off when not in use as it burns through batteries like a flaming leper doused in kerosene.

    Cheers

    0 0
  14. Anonymous Coward
    Paris Hilton

    iTwats

    iTwats usually bleat about MicroShaft always having to release patches. So "The Jobbie" has to keep them happy by not releasing patches for his iCrappy software so often, maybe, for example, only when they release a brand new iPosingMirror. Well done for being security driven.

    Paris, she knows how to drive securely.

    0 0
  15. Joe Ragosta

    Yawn

    Funny how everyone is so eager to bash Apple and Apple products - yet there's no instance of a zombie iPhone or Mac yet. Why is a theoretical possibility that someday there just might possibly be some harm worth getting worked over?

    And if you get worked up over that remote possibility, how can you help but go into cardiac arrest over the tens of millions of zombie Windows computers out there?

    0 0
  16. Anonymous Coward
    Anonymous Coward

    I know you aren't supposed to feed the trolls

    But Webster, are you sure Apple are 20 times worse than MS?

    That sounds like a suspiciously round number, and as such, it could be made up?

    Are you sure that they aren't only 18.42x worse than MS?

    0 0
  17. Tim Roberts

    @ Webster Phreaky

    I wont bother to actually respond to your rant, but I would like to know why it would be necessary to patch a "whole".

    I can only presume you meant to write:

    " Apel dusn't no how 2 pach hols an bugs"

    0 0
  18. jai

    re: Pfft

    but you can't just "SSH into an iphone connected onto the same WIFI network"

    you have to have installed a cracked version of the firmware first to enable SSH

    you can't complain that the guys iphone allows people root access because he's the one that's given it to them

    0 0
  19. Anonymous Coward
    Thumb Down

    Knt pwn me

    When one of these actually causes some damage I might get interested. Frankly, having had Windows since 'MS-DOS Executive' I've NEVER been hit by anything on my Windows machines. I strongly doubt my sole OS X machine is going to be hit by these either, the sky is not falling : D

    1 0
  20. Anonymous Coward
    Stop

    Second Grade Webster

    Webster Phreaky blatthered: Apple Doesn't Know How Too Patch Wholes and Bugs

    That's because they know how TO patch HOLES and bugs. Come on Webster, To, Two and Too are second grade lessons! When you learn that then MAYBE you might be justified in ragging on Apple. : D

    <http://www.wisegeek.com/what-is-the-difference-between-to-two-and-too.htm>

    1 0
  21. Lance

    @Andy

    But the software is available for public release now. When the new phone goes on sale on the 11th, it will have 2.0 on it. Those units are in boxes sitting in a warehouse. So why hasn't Apple released the update to fix the issue?

    0 0
  22. Adrian Bool
    Boffin

    SSH

    Chad, you can only SSH into an iPhone if you jailbreak it and install the ssh daemon. If you've done all that and not changed your password, you deserve what you get...

    0 0
  23. Haviland

    @Chad

    Just because you've got root access to an iPhone on a network doesn't mean you've got root access to the network.

    0 0
  24. Matt Bryant Silver badge
    Pirate

    RE: J Welek, and the assorted iBone fanbois

    Actually, anyone, not just service personnel, can access Nokia firmware downloads. To check if there is a new firmware download fo rthe mentioned N95 then go to; http://www.nokia.co.uk/A4226014?N95_8GB.

    But, to be honest, all Nokias I have used have had such a rubbish, over-compicated, menu-driven interface I would think anyone determined enough to hack it to have uber qualities of perseverence.

    Windoze device users such as the many badged HTC devices, iPaqs and Axims, have the "pleasure" of multiple Windoze updates right from the earliest Windows CE (very aptly nicknamed "WinCE"). This is one reason that Windows Mobile devices are assessed at higher business security rating than the iBone.

    Of course, business users (which are the people that actually need and value security) have had a fully-tested and automated solution that can automatically push out updates as required from long before the appearance of the iBone or Windoze Mobile, and carries the top business security rating. Please put your hands together for the business market leader (yes, that's the market that Jobs wants to get into), RIM's Blackberrys with Blackberry Enterprise Server.

    0 1
  25. Simon

    Version 2 - Free?

    > Well... Seeing as 2.0 is a free upgrade, then surely working on that *is* addressing problems with version 1.x...?

    It might be free for iPhone users, but going by past updates us iPod touch users (who are still vulnerable to the published exploit) will have to stump for the v2 upgrade.

    I've got no compelling reason to update my firmware based on the features of v2 and I don't want to have to pay to get a security fix.

    0 0
  26. Webster Phreaky
    Jobs Horns

    @ By Anonymous Coward and the other AppleTard

    See, the BEST the AppleTards can do is criticize a slip of the keyboard entry like the little juvenile punks they are, INSTEAD of offering any substance in a rebuttal. Reason being, THEY CAN'T!

    Apple HAS BEEN branded by security experts and even some of their slightly brave whore media, as being TOO slow at patching; far worse than MS. That's Microsoft, not the Multiple Sclerosis you Apple Tards exhibit every time you open your saliva dripping pie holes. Of course you high and mighty never make a typo, do you perfect wonders of fantasy land?

    0 0
This topic is closed for new posts.

Other stories you might like