
St. Germain

macrumors 6502
Original poster
May 19, 2006
381
34
There is no excuse whatsoever for :apple: to not put out an update to fix the exploit that was found. Right now it's ok that there's no fix because it only exists in a closed lab. However since that group is explaining the vulnerability to the Black Hat conference on Aug. 2nd, there is no excuse for there not to be a fix out by then.

The iPhone is particularly vulnerable because it relies heavily on online "applications." All some hacker (the evil kind) would need to do is design a semi-popular iPhone app that iPhone users would flock to, then exploit away.

I would be very happy to wake up tomorrow to the first iPhone patch.
 
I agree that they definitely need to submit a patch for the security risk very soon. Hopefully they are working diligently on getting this update ready to be released very soon.
 
Think they will release the update to fix the hole as well as providing lots of updates all at the same time. This timeline will have been pushed forwards by the upcoming release to the public of the details so I think it will arrive pretty soon.
 
He sits on a public forum and continues to bitch and whine. This exploit relies on a lot of specific circumstances to all be occurring at once. It's really a non issue but does require a fix.

Agreed, but that hasn't stopped the likes of NBC News and others from televising massively sensationalized reports on the subject. :rolleyes: I remain confident though that Apple will get a fix out before Thursday.
 
Update on the way according to my neighbor's uncle's brother's girlfriend's sister's good friend, B. Gates.
 
He sits on a public forum and continues to bitch and whine. This exploit relies on a lot of specific circumstances to all be occurring at once. It's really a non issue but does require a fix.

What specific circumstances are you talking about?

All it takes is to visit a website that has an exploit in place.

That's incredibly easy to arrange. All one would have to do is post a message, like "free iPhone cases!" or "The first update is here! read this site for the news!"... and thousands of people would click on the link.

Bam. They're nailed.
 
Unless you spend time going to websites that you've never heard of before, it's a moot point.

Practice safe surfing....!

What I'm getting sick of is all my friends saying "you better watch out, I hear all your info is available to steal"

The media is blowing this up, and we all know that an update is around the corner. But the truth is the iPhone is a computer, and ALL COMPUTERS have security flaws. There will be many more to come on the iPhone, but I sure am glad I don't own a Windows Mobile device.
 
I agree...besides, someone really must be very bored to read my text messages, see my contacts, et al. Maybe I'm a bit more reticent about people reading my email, but I don't exchange social security numbers, passwords, or credit card numbers via email, either! Anyone who considers plain text communications (read: SMS, pretty much all email) to be a secure carrier for anything remotely sensitive has to be crazy.

Big deal, Joe Q hacker knows who I'm dating, where I had dinner, and all about my loathing for Entourage...hope he has fun living vicariously through my SMSes!

Does this exploit provide anything more than read-only access (outside of the malicious dial capability)?

Unless you spend time going to websites that you've never heard of before, it's a moot point.

Practice safe surfing....!

What I'm getting sick of is all my friends saying "you better watch out, I hear all your info is available to steal"

The media is blowing this up, and we all know that an update is around the corner. But the truth is the iPhone is a computer, and ALL COMPUTERS have security flaws. There will be many more to come on the iPhone, but I sure am glad I don't own a Windows Mobile device.
 
Does this exploit provide anything more than read-only access (outside of the malicious dial capability)?

From your comment about dialing, you must be thinking of the simple HTML exploit, not the major new one that was found, wherein a buffer overflow allows running an executable.

Any exploit that allows an executable to be placed and run on a device (especially this one, where every process is run as root), can allow read and write access.

Key logging, for example. Everything you type can be secretly saved and copied to another server for analysis.

Think about that. Bank passwords, anyone?
 
ISE hasn't divulged the details of the exploit, that's what they plan on doing Thursday. They did mention that since all processes on the iPhone run as root, that they could take complete control of the device and consequently, world domination ;).

Really though, Apple has had all of ISE's findings since 7/17, they should patch it already.
 
Any exploit that allows an executable to be placed and run on a device (especially this one, where every process is run as root), can allow read and write access.
Oh, so they can run the Hello World executable that's been compiled for the iPhone?
 
I don't care about the exploit. I just want iPod to stop crashing while using Safari. And, for Safari to stop crashing. Very annoying pair of bugs.
 
I don't know what the hell is taking so long for an update of any kind. There are so many small issues that could be easily fixed by an update, and I don't understand, I thought after the hackers found a way to put ringtones on the iPhone we would for sure see an update. I mean isn't Apple losing money?
 
That's a good point Joshua, I think Apple has taken a step back because of the immense interest in hacking the iPhone. My guess is that they're trying to figure out how much they are going to "ignore", which they definitely will as they don't have the man or woman power to compete with the dev clubs. Also how they can proceed forward, make money for functionality such as ringtones but at the same time alleviate the need to hack for features they omitted.

I think they made a mistake by leaving out all the things they have. It has rallied the dev community! It is in stark contrast to Jobs wanting a secure safe environment for the iPhone that just works, at least the way Apple wants it to work.

I'm interested to see if the subsequent updates disable the modifications that many people want and need. This thing just gets more interesting by the day.
 
Unless you spend time going to websites that you've never heard of before, it's a moot point.

Practice safe surfing....!
Let's be honest...about 90% of the new iPhone "apps" are web pages we've never heard of before. That's why I think we're particularly vulnerable. iPhone users are flocking to these sites by the thousands. A friend who has a new app has already had it visited by over 100,000 individual iPhones. Again, it would just take someone creating a semi-popular new iPhone-specific web "app" to get iPhone users rushing to their site. I'm not saying this particular exploit will be used that way, I just think that this kind of stuff needs to be patched ASAP, and especially before it's released to an entire conference of hackers.

I have full faith in the fact that Apple will patch this and my worrying will be for nothing. They just really need to stay on top of this because these web "apps" make us particularly vulnerable I think, and dozens of new ones pop up each day.
 