SLAPDASH DEVELOPERS have been advised not to use the open source JSPatch method of updating their wares because it is as vulnerable as a soft boiled egg, for various reasons.
It's FireEye that is giving JSPatch the stink eye and providing the warning that it has rendered over 1,000 applications open to copy and paste theft of photos and other information. And it doesn't end there.
FireEye's report said that Remote Hot Patching may sound like a good idea at the time, but it really isn't. It is so widely used that is has opened up a 1,220-wide iOS application hole in Apple users' security. A better option, according to the security firm, is to stick with the Apple method, which should provide adequate and timely protection.
"Within the realm of Apple-provided technologies, the way to remediate this situation is to rebuild the application with updated code to fix the bug and submit the newly built app to the App Store for approval," said FireEye.
"While the review process for updated apps often takes less time than the initial submission review, the process can still be time-consuming and unpredictable, and can cause loss of business if app fixes are not delivered in a timely and controlled manner.
Let's not all make this JSPatch's problem, because presumably it's developers who are lacking.
FireEye spoke up for the open source security gear while looking down its nose at hackers. "JSPatch is a boon to iOS developers. In the right hands, it can be used to quickly and effectively deploy patches and code updates. But in a non-utopian world like ours, we need to assume that bad actors will leverage this technology for unintended purposes," the firm said.
The week in Google
The scandal that just keeps giving
Clip to the end....