Good point. And the legislation may actually make manufacturers liable if they don’t provide timely fixes for known vulnerabilities during the period for which they promised security updates.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Faces New Cybersecurity Law in UK
- Thread starter MacRumors
- Start date
- Sort by reaction score
doesn’t seem like this’ll be much of an issue for Apple, as plenty of others have already pointed out. they fare perfectly well with security updates for older OSes & have never kept it a secret what their timeframe is for devices becoming vintage/obsolete (though I get this has more to do with software than hardware, a device attaining such status implies it will not receive major software updates, simply critical security updates as-needed).
as far as reporting on security vulnerabilities goes, it’s my understanding Apple’s done better with this in recent years as well—even if what they do with the information they’re given does leave a bit to be desired…
as far as reporting on security vulnerabilities goes, it’s my understanding Apple’s done better with this in recent years as well—even if what they do with the information they’re given does leave a bit to be desired…
That’s going to be interesting for all these cheap Chinese cameras and IoT devices.
Last edited:
It's trying to sell an unpalatable bill by adding some window dressing - they don't really care about security. They only really care about encryption because it stops them reading everyone's messages.
Here's the perfect example of government stupidity: First require Apple to allow sideloading of apps. Then, threatent Apple with fines if they don't improve cybersecurity!
Nothing makes me feel smarter than knowing my elected leaders are idiots.
Nothing makes me feel smarter than knowing my elected leaders are idiots.
Bingo. Stuff like this is just the pretext so that they can use legal force to drag a chair up to the table when tech firms are discussing network security. Then they start twisting arms and greasing palms.
At this point, Apple’s legal team must itself be the size of a Fortune 500 company
I'm looking forward to having access to this information for two reasons:
However, I could see a scenario where Apple only guarantees 3 years of updates or something low like that and then "surprises and delights" with additional years of support. Classic under promise, over deliver, which would be in the spirit of this law. Although this might affect consumer choice if other brands offer longer terms. The thing is, many other companies don't offer more than a few years. Only recently did Google start offering longer software support updates for their products.
- It will help me make recommendations about older or used devices to people like my grandparents who don't care about the latest and greatest iPhone or iPad
- It will help me plan out my longer-term purchases such as Macs as well as refurbished iPad generations for my kids
However, I could see a scenario where Apple only guarantees 3 years of updates or something low like that and then "surprises and delights" with additional years of support. Classic under promise, over deliver, which would be in the spirit of this law. Although this might affect consumer choice if other brands offer longer terms. The thing is, many other companies don't offer more than a few years. Only recently did Google start offering longer software support updates for their products.
Yes, sir. We provide seven years of security updates. (If our brand exists.)
Laws are for law-abiding entities.
Getting rid of default passwords is a good idea. Far too many people don't realize devices beyond phones and maybe a WiFi router have default passords, let alone change them. Some of my devices come with a sticker with a unique default password on it, so unless I lose the device I can always reset it to default.
True, but as long as an OS is supported most developers will continue to develop software for it. Apple wouldn't let some other browser steal market share and would prob continue to release Safari if that would be the case.
You make a good point. Another benchmark would be to measure how fast software patches or workarouinds are being released when a flaw is found.A number doesn't mean much if critical vulnerabilities aren't fixed. The real metric is number of CVEs fixed.
PSA: Apple isn’t actually patching all the security holes in older versions of macOS
Big Sur got a fix 234 days before Catalina did, although both are supported.arstechnica.com
When things like this are going on and Apple has no official comment about it, can you blame regulators for becoming increasingly concerned about Apple’s commitment to security??
forums.macrumors.com
Apple ID Accounts Logging Out Users and Requiring Password Reset
There are widespread reports of Apple users being locked out of their Apple ID overnight for no apparent reason, requiring a password reset before they can log in again. Users say the sudden inexplicable Apple ID sign-out is occurring across multiple devices. When they attempt to sign in...
forums.macrumors.com
Apple has been making major investments in ad service platforms. They don’t sell your data right now but that doesn’t mean they aren’t using it and won’t sell it in the future.
Yup, I trust Apple, a greedy corporation, with my data so that it can use it for its ad platform. I do not like my government to access the data to solve crimes of national importance.
Apple's new ad product pushes it closer to Google
Last week, Apple made news for testing an AI-powered ad product similar to Google’s Performance Max. Apple has been successfully investing in advertising for the past few years. But Google has a multibillion dollar advertising advantage. Even with AI advertising improvements, Apple is nowhere...www.emarketer.com
There is a stark contrast between Google's advertising and Apple's.
Google is selling YOU! Apple is selling ads based on anonymous data.
In that article you linked, there's this...
What cookie alternatives? Oh ya... users "signed into" Chrome. Google gets your data. Google was even busted collecting Incognito data!
The UK is a country that wants encryption backdoors, which nullifies the point of encryption.
This somewhat bolsters Apple's argument for sandboxing sideloaded apps in the name of cyber security.
And yet we keep reelecting them.
Yea, fly by night companies will simply change their name and keep selling the same junk.
I left my front door open
my wallet is on the coffee table
my passport is in the bedroom side table
my cars key fob is hanging in the hallway
and I left the back door open... not by design or intention, I just forgot to close it
but I use strong and secure passwords, and everything that hasn't been taken is updated to the latest version as per government requirements.
my wallet is on the coffee table
my passport is in the bedroom side table
my cars key fob is hanging in the hallway
and I left the back door open... not by design or intention, I just forgot to close it
but I use strong and secure passwords, and everything that hasn't been taken is updated to the latest version as per government requirements.
You get that your comment is an extraordinary hair split? Both are using your data to serve ads.
And what about the 3rd party App stores in the EU (I know this is the UK). And weren't the the ones demanding a backdoor into the system?
That last mandate is worthless. Replace it with have a built in firewall mandate and we're golden. All these laws for network security and not a single one address the most glaring flaw. If the criminal doesn't have free access to your device, they have a harder time accessing your data.
I've been banging on the table this one issue for years. No one seems to care for firewalls on their always connected device.😒 It's like walking in the rain without an umbrella and expecting not to get wet. The most basic of network protection and you have to root and sideload to get have some modicum of security.😫