
iPad Left Vulnerable After Record iPhone Patch Job

Posted by kdawson
from the only-three-million-who-would-bother dept.
CWmike writes "With Monday's iOS 4 upgrade, Apple patched a record 65 vulnerabilities in the iPhone, more than half of them critical. However, the first-generation iPhone and iPod Touch, as well as the much newer iPad, may have been left vulnerable to some or all of the 65 bugs. iOS 4 cannot be installed on 2007's iPhone and iPod Touch, and the upgrade is not slated to reach iPad owners until this fall. The bug count is a record for the iPhone, surpassing the previous high mark of 46 vulnerabilities patched last summer with iPhone OS 3.0. Formerly known as iPhone OS 4, iOS 4 included 35 bugs, or 54% of the total, that were tagged with the phrase 'arbitrary code execution.' It's unclear how many, if any, of the vulnerabilities affect Apple's iPad. The media tablet runs an interim version of the operating system, dubbed iPhone 3.2, that followed the February iPhone 3.1.3 security update. It's possible that some of the bugs patched Monday were fixed by Apple before it launched the iPad in early April. But according to the Common Vulnerabilities & Exposures database, it's likely that many of the flaws fixed on Monday still exist in 3.2."
This discussion has been archived. No new comments can be posted.

  • If another person claims a "record" on the number of bugs fixed in an apple release out I'm gonna jump off a fucking cliff.

    Bugs are not good. Lots of bugs are worse. Fixing them? You don't get a medal, you should have done it right the first time. Yes it's good to patch them, but it's not something to break out the champagne on. When I fix a huge bug list my boss says "about time", not "good job! way to work!".

    • by ivucica (1001089)
      Better late than never. And it's rather easy to create mistakes when focusing not on security, but on performance and ease of use.

      That said ... it's surprising that a phone is so riddled with security flaws.
      • That said ... it's surprising that a phone is so riddled with security flaws.

        50 of the security flaws were in WebKit, so it's not so much that the phone is riddled with flaws, but that a web browser is.

        • ... and they don't allow any other (real) browser on the phone, either. I might be parroting comments from above, but if this was a certain other large technology company the vitriol here would have been through the roof.

    • Re: (Score:2, Insightful)

      by sphantom (795286)

      This might be a perspective thing, but I read "Company X has patched a record number of security holes" as a negative thing, not as something the OP or company X is reporting to gloat about. I've taken the liberty of reading the links by the OP (shocking, I know), and didn't find any of them to really be coming across as something that anyone is looking for a pat on the back for (and for the record, I didn't see an official comment from Apple on their "record patch job").

      Fundamentally, you're right though.

      • by mcgrew (92797) *

        Granted, some fanboys will try and spin it into a positive of some kind

        Well yes, that's the problem. Companies just kind of matter of factly send out patches, and the kool aid crowd turns every negative into a positive. Every time I see one of those comments I wonder if the poster is an employee of that company, heavily invested in its stock, or is just a batshit insane loser.

    • by ekhben (628371)

      Sorry your boss sucks so bad, man.

    • by mcgrew (92797) *

      Apple seems to be getting more and more like Microsoft every day. I agree; bug fixes shouldn't be "look how great I am, I'm fixing bugs" it should be "We're sorry for the inconvenience and will try to program less incompetently next time. We hope these bug fixes don't brick your hardware." Plus, TFS says the upgrade is not slated to reach iPad owners until this fall. WTF???

  • Funny (Score:4, Insightful)

    by DrugCheese (266151) on Tuesday June 22, 2010 @04:09PM (#32657570)

    Funny how M$ used to be on top and all you'd read about was the security vulnerabilities left unpatched and with apple on top, with their new line of hardware, are having the same issues. I wonder if we'll ever see something like the Melissa virus, or the iJerk.

    • Re: (Score:3, Insightful)

      by magsol (1406749)
      With Apple finally gaining in the markets, it's becoming profitable to create exploits. While the fanbois would have you believe that Apple products simply weren't exploitable, the simple facts are that 1) there simply weren't enough Apple products in the wild to justify an exploit, and 2) Apple seems to prefer the "silent failure" route (which, admittedly, is less obvious than a BSOD) so users don't know they've been compromised.

      Now that devices like the iPhone, iPad, even iPods have become all but ubiqui
      • 2) Apple seems to prefer the "silent failure" route

        What do you mean?

      • I bid Apple a very warm welcome to the malware-infested playing field M$ has been inhabiting all this time.

        Can you name any malware that affects a non-jailbreak iPhone or iPad?

      • by abigor (540274)

        Well, since you seem to know what you're talking about, how about providing links to all these viruses and malware? The iPad alone has sold 3,000,000 units in three months - surely, with all these vulnerabilities, something must be out there for such a popular item, right?

        The iPhone and iPod have been "ubiquitous" (not quite, but very popular) for ages. Nothing has happened. I wonder why.

    • Re: (Score:3, Informative)

      by phantomfive (622387)
      In the old days, in addition to Microsoft's OS being an open door, a lot of those computers were left on the open internet, making it easy for viruses to find computers to attack. Also, OS distributors didn't really catch on to the idea that leaving services open was a bad idea (it just seemed like being a good netizen to leave your finger port open). For example, I don't think RedHat stopped shipping with the FTP port open by default until 2001 or 2002. And that was a secure OS, Windows was much worse.
    • or the iJerk.

      That's a social problem. And I already see them everywhere...

      • Yeah I know, I EAGERLY await the day the virus gets out there, and all the iPhones blare outloud 'Hey You're a big stupid jerk!'

    • by mcgrew (92797) *

      with apple on top

      Jees, you fanboys are amusing. What, exactly, is Apple on top of?

      As to viruses, being a big fat target is only one of many reasons MS gets so many viruses, MS software simply isn't written with security in mind; security is an afterthought with them (Adobe is as bad or worse, as are some other companies).

  • ...ever tried improvising on a piano? It's always difficult to find the right way to end, and so you go on and on, frequently repeating yourself. The summary's writer felt the same way.
  • by aaaaaaargh! (1150173) on Tuesday June 22, 2010 @04:09PM (#32657594)

    I wouldn't call that a bug. :-)

    • by Argilo (602972)
      Indeed, it's pretty much the whole point of jailbreaking. :-) And as far as I know, some of the jailbreaking tools exploit arbitrary code execution vulnerabilities to do their job.
  • There have been no ipad core OS updates of any kind since its release. This includes expected improvements like software tweaks to make wifi more reliable. There were rumors that the ibooks app was released on the App Store so it could get more frequent updates than the core OS, yet it has only had one major update (yesterday's, adding PDF support and a few other features).

    Web rendering engines have security vulnerabilities, and webkit is no exception. Since Apple allows no competing renderers (alternati

    • Hopefully the official iOS 4 release means the developers/QA people have some time to work on iOS 3 patching.

      I'd hope that instead of spending that time patching iOS 3 they just try to release iOS 4 for iPad much sooner (that'd probably be the largest gain, after that if they really want they can work on porting the changes so the people with an original iPhone have security fixes, but I don't actually know if the numbers would make it worthwhile).

      • by proxima (165692) on Tuesday June 22, 2010 @04:46PM (#32658034)

        I'd hope that instead of spending that time patching iOS 3 they just try to release iOS 4 for iPad much sooner (that'd probably be the largest gain, after that if they really want they can work on porting the changes so the people with an original iPhone have security fixes, but I don't actually know if the numbers would make it worthwhile).

        You have to support recent releases of your operating system with security updates, as not everyone is going to upgrade to the latest and greatest OS for any number of reasons. Lots of people with the 3G are reporting performance issues with iOS 4 (and few benefits). Until this release, OS updates for the ipod touch weren't free as well.

        This becomes extremely important in the enterprise, where changes are handled more carefully. These mobile platforms seem to be way too fast of a moving target, though. Even Mac OS X gets deprecated fairly quickly relative to enterprise schedules. It's clear that Apple just isn't targeting them, which I think is a shame.

        • by walshy007 (906710)

          Why would they target them? Apple thrives from making throw away iDevices. Making their appliance-like product have any kind of longevity would stop people doing the mac upgrade treadmill every 1-2 years.

          The price you pay for being with apple is being at their terms, they want to limit functionality as much as possible to create a simple user experience. I can't imagine that going well with enterprise either.

  • ...that I worry about. He's played AniMatch on my iPhone and when he sees the iPad he gets this look in his eyes and I'm scared for the iPad.

  • Obviously jumping to conclusions, but the irony would be overwhelming.
  • As a jailbreaker, it is always a little bittersweet to see my arbitrary code execution bugs fixed.

  • I read that the iPad might, possibly, maybe kill its owner after 30 days of non-use. I know there haven't been any cases of iPhones, iPads or iPod touches attacking and killing their owners, but that doesn't mean you shouldn't fear it. Better safe than sorry!

  • Upgraded my iPhone to v4 last night, now it doesn't work with my Pioneer (DEH-3200UB) car audio deck. Talked to Pioneer and they pointed to Apple. Spoke with Apple and was told "sorry". Maybe the iPad users are the lucky ones.
  • Do you have to agree to have your location information sold to unspecified third parties before you can get the patch?

    • Probably, after installing 4.0 on my iPod the app store requested I take the time to read *109* pages of EULA before updating some apps. I can only imagine how many pages I ignored to install that update in the first place.

      Also, Fuck you Apple, why do you need 3GS type hardware in order to have the option for orientation locking? I fully realize that my 3G iPod (8GB, so actually a 2G with a new sticker) probably hasn't got the memory for serious multi-tasking, but no orientation lock? WTF

  • by PeanutButterBreath (1224570) on Tuesday June 22, 2010 @07:27PM (#32659820)

    65 bugs that I won't get patches for in my 1st Generation Ipod Touch. What is the point of paying a premium for hardware, when the control-freak sole arbiter of software patches renders it functionally obsolete long before its useful life has expired?

    • Don't you know, Apple has determined that it is a bad business practice to support older products or OSes, anything more than a few years old. But you're free to buy the new version that will be supported!
    • by illumin8 (148082)

      65 bugs that I won't get patches for in my 1st Generation Ipod Touch. What is the point of paying a premium for hardware, when the control-freak sole arbiter of software patches renders it functionally obsolete long before its useful life has expired?

      Yeah, after 3 years you no longer get updates because your hardware is obsolete. Name one other smartphone/media player vendor that still releases updates for their hardware after it's 3 years old.

    • by El Neepo (411885)

      Most phone/devices do not get updates, even premium ones. How many other consumer devices that are 3 years old still get updates?

      My 1st Gen iPhone isn't getting the updates either. Do I wish it did? Of course.

      I got good updates and upgrades for 3 years. It was worth the cost.

  • I viewed an idle.slashdot.org page, Safari crashed, and my iPhone rebooted on its own. I wonder if I got hit. Yay.
  • The name "jailbreak" comes from the fact that hacking the device involves taking down the BSD jails that userland processes run under. BSD jails provide app sandboxing preventing apps from taking over the phone. While these flaws might be a concern, they are only a concern if the exploit contains some sort of jailbreak payload with malicious content packaged in.

    If you are worried about exposing your personal data, don't jailbreak. I've tried it in the past and I'll never jailbreak again.
