Exactly.... how many exploits and security threats are reported and never patched. We don’t know because Apple has a security bug bounty. Then the bug reporters are paid and sign a NDA to never talk about about it again. We don’t know if those exploits are ever patched.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Lies and Security Patches
- Thread starter Michael Goff
- Start date
- Sort by reaction score
Exactly.... how many exploits and security threats are reported and never patched. We don’t know because Apple has a security bug bounty. Then the bug reporters are paid and sign a NDA to never talk about about it again. We don’t know if those exploits are ever patched.
Excuses for what? I myself have not gave any of these manufacturers a pass. But I'm challenging the mentally of many users having damn near temper tantrums for not having the latest security update, especially since they know next to nothing about the exploits.
And no, us PC users don't have a security patch obsession. Many like myself even do the temporary update opt out, or edit services to update manual only.
There are many KNOWN/DISCOVERED exploits of operating systems, apps, and hardware that haven't been patched for whatever given reason.
There isn't much to talk about. Some manufacturers lied about security patches, big whoop. Should it be corrected? YES!!! Are Android users under an imminent security threat, NO!!!! Now if that's cheerleading, then so be it. Don't know what type of insane panic you were expecting.
It’s not going to do any good. Some want to claim the sky is falling. Nothing we can say and no amount of logic will assuage then.
We know some Android OEMs have lied about security patches. Probably will cause about zero consequences but it makes for good headlines and debate.
We were talking about Apple in this case and that’s what I answered you just confused everything including me.Excuses for what? I myself have not gave any of these manufacturers a pass. But I'm challenging the mentally of many users having damn near temper tantrums for not having the latest security update, especially since they know next to nothing about the exploits.
And no, us PC users don't have a security patch obsession. Many like myself even do the temporary update opt out, or edit services to update manual only.
There are many KNOWN/DISCOVERED exploits of operating systems, apps, and hardware that haven't been patched for whatever given reason.
There isn't much to talk about. Some manufacturers lied about security patches, big whoop. Should it be corrected? YES!!! Are Android users under an imminent security threat, NO!!!! Now if that's cheerleading, then so be it. Don't know what type of insane panic you were expecting.
it really sounds like your trying to blow the issue up. Many of us have agreed they lied and should not have done so.
But if you are truly concerned about security then look at the whole picture.
Not just the whole picture but context
I do not think we can even say lied all we know is some OEM's did not follow Google patch releases recommendations
In some of the top premium devices it was 1 patch not followed/implemented
- They all agreed that it's probably the hardest way to take advantage of your phone via one of these found vulnerabilities
- Secondary methods of security ie randomization of memory and others make it even less likely or possible
- It's also thought that there is almost no chance of there being a domino effect or increased exploit between or via multiple patches missing
- It's also possible that some patches were not applicable to some OEM's
You are more likely to introduce a vulnerability yourself from 3rd party apps or other methods as we have seen of late from Apple, by the OEM itself
There is a perception that has no documented evidence that somehow Apple patch updates are better, which is simply untrue . There is just a nicety of distribution ie everyone gets it at the same time for a given IOS version, where due to many Android OEM's and even carriers that also include other updates in the patch are distributed differently time wise.
I do not believe we have see multiple reports that my eg At&T phone was exploited as I got my patch later than another or because I am on a lower IOS version
Now if we want to idly speculate what OEM's do not tell us about or include or exclude well the recent finger points straight to Apple on this and a few years back it was Samsung but they are probably all equally as bad, at times
Last edited:
Here is another example of an KNOWN IOS exploit that has not been patched. This known exploit allows people to use a brute force box to guess your pin code and unlock your phone. The iphone is supposed to wipe your phone after 10 failed pin code entries. This known unpatched exploit gets around this security feature.
https://www.macrumors.com/2018/04/16/iphone-cracking-six-digit-passcode/
https://www.macrumors.com/2018/04/16/iphone-cracking-six-digit-passcode/
Last edited:
Apple will probably patch this in 11.4(is my guess if it’s not a hardware exploit). In the meantime my passcode is guessable in about 4 quintillion years as I have an easy to remember 20 character alpha and numeric passcode.
Makes a change than just a blank Admin password on some MacOs update LOL