Nurturing innovation through performance work practices
|
|
|
Apple sits on a patch for a critical flaw
PEDDLER OF BROKEN DREAMS Apple has apparently come up with a patch for a critical flaw in the Iphone OS that gives a hacker so much control over the device that they might as well be Steve Jobs.
As we reported last week, Apple was dead keen to find a fix for the flaw. This is not because Jobs' Mob has been listening to insecurity experts who have been warning that a worm will be infecting Iphones shortly unless a patch is released. Apple is more interested in getting the patch for its IOS security flaw because it is a key component in jailbreaking Iphones.
The thought that users might actually have some control over their machines is the sort of thing that causes Steve Jobs night terrors. If Apple users break out of his walled garden they might find themselves much happier, which is something that the Apple CEO doesn't want to allow.
At the moment the Iphone is so vulnerable that kids can go into Apple stores and jailbreak the phones for a laugh.
According to USA Today, Apple has come up with a patch for the flaw, but the Apple spokesperson interviewed could not provide a release timeframe for the update.
Recently the site jailbreakme.com came to the public attention due to its ability to jailbreak an Iphone 4 merely by visiting the web site with the Safari browser on the smartphone.
The reason for the delay is because Apple has to negotiate with all those mobile phone networks it has locked in deals with, apparently.
USA Today points out Apple would not have this problem if it shared code with anti-virus companies that would issue patches themselves.
The problem for Apple is that if it does that, then it will have to admit that its software has security problems just like all other software in the industry. It is an article of faith at Apple that its software is the most secure in the world and no hacker can bring it down. This faith must be maintained, even if Apple's operating systems are regularly trashed at every hacker conference. µ
Share this:
Share
Did you read the article? Nick said: "The reason for the delay is because Apple has to negotiate with all those mobile phone networks it has locked in deals with, apparently.".
That does not sound to me like he is quoting Apple. First, he is not directly quoting anyone, and second, there is no indication of the source he got that from (it's not even attributed to the normal "sources within the company" that the sunday papers often use), or whether that source is anything to do with Apple.
Also, this point about sharing code with AV developers. While I have no link with any software company, so cannot say for sure, I know that Microsoft (for instance) has very strict rules for access to Windows source code, and I'd be surprised if they'd let any company who has any links to a competitor access to that code. I suspect that would include any AV maker who has a product on OSX.
I'd be shocked if Apple did not do the same thing.
This final bit is a comment on the article, and not specifically addressed to you, Sev.
The Article doesn't make sense. Whether Apple want to keep iPhone users in their walled garden or they actually want to fix the security flaw (which with their current attempts to push the iPhone for enterprise use would certainly be in their interest), it would be in their interest to put the patch out as quickly as possible.
My own personal view is that they wish to test the patch thoroughly first, and then probably roll it out with the iOS 4.1 update, which we already know is in Beta.
As for the dumb Mac fanboys twisting stuff argument. Well, I like Macs. I am also intelligent enough to respect the fact that not everyone holds the same opinions I do. Something which, seemingly, a lot of Mac haters aren't.
"Firstly the idea that fixing a bug in the PDF rendering engine would require negotiation with the cell companies."
Did you even read what is in front of you? Nick did not make that claim, he was quoting Apple. Same with the point about sharing code with AV developers - that was a point raised by USE Today and merely quoted in this article.
You dumb mac fanboys will twist anything to get your jibe in at the Inq's authors.
No, the cell companies aren't involved in distributing updates. Updates work via iTunes and the user's home Internet connection. There's no reason they need to be involved in the process (even their input into baseband updates should be limited).
@chill: do you really think the network providers distribute pathes to iOS?
The only way to patch an iOS device is through iTunes. Running on your computer. Connected to the 'net. Most probably NOT through your mobile network.
And I have a cure for Cancer. This is just a delay tactic and anyone who follows Apple should know they like to deflect the truth and never admit to fault while they come up with a workaround.
They cant even admit they have an antenna problem. They tell everyone your holding it wrong then they issue condoms for the device. This is a company that cant admit fault and their consumers are the ones who pay the price. The reality distortion bubble should be popping soon.
You should take a few deep breaths and sit down, perhaps have a cup of Chai tea and light some Patchouli scented incense.
The network providers are involved in the distribution of the patch, not its content.
Nick could be excused for thinking that Apple were not actually lying for once when they announced your first point... he didnt make that up that was apple's official statement.... Your second point shows how ignorant you are about how the big software outfits deal with the AV industry... It was a point that I have read in another magazine so it is not unique to the INQ..... What is the matter did Nick once spurn your advances at a cocktail do or something? Or is it just your wish to bully him into doing Apple's bidding
TWO spectacularly stupid and obviously incorrect facts in one article.
Firstly the idea that fixing a bug in the PDF rendering engine would require negotiation with the cell companies. It's not part of the baseband code and has no effect on how the device interacts with the cellular network ergo this is complete BS.
Given that the entire GUI engine is based arround postscript then chances are they want to thoroughly test any changes, and maybe roll the change in with the upcoming iOS4.1 to minimise the number of updates.
The second dumb idea is that ANY company would hand the source code for closed components to third party AV companies (who are only really interested in selling their own software anyway) to fiddle with. It's unlikely to result in significant reductions in security holes (what's in it for the AV companies to start with, why should they bother?), it would have no effect on the time to roll out fixes (which still need to go through QA testing) and it exposes the source to possible theft.
Is it "an article of faith at Apple that its software is the most secure in the world"?
"Victims" (customers) of the "reassuringly expensive" Apple PCs like to tell themselves that their machines are so much less virussy than Windows, but that isn't the same thing. (And the first Apple Macs were hugely virussy.)