Why has Apple not fixed well known iPhone security problems?
By Davey Winder
Friday, 03 October 2008 15:01
Page 1 of 2
Although Apple has just released a security fix for Apple TV it has yet to address vulnerabilities regarding the security of the iPhone that it was made aware of back in July.
The Israeli researcher, best known for his work in the area of browser vulnerability, writes that it is custom to eat an apple and honey for a sweet Jewish new year, yet "this year starts a little sour for Apple."
Fed up with the lack of any meaningful response from Apple to his reported security vulnerabilities, and Raff insists that despite his requests Apple has refused to provide any fix schedule, he has now published the technical details for all to see.
One can understand his frustration as he watches iPhone firmware v2.0.1, then v2.02 and now v2.1 come and go but still no sign of what is actually quite a serious security flaw being any the nearer to a fix.
The iPhone v2.1 update did fix a total of 8 security vulnerabilities when it was released on September 12th, but the ones detailed by Raff were not amongst them. Which he finds rather surprising.
"Both issues are pretty trivial" Raff insists, adding that they can be "easily fixed by Apple."
Now Raff has adopted a tactic of full public disclosure that he has used in the past to apply pressure to vendors, but which he views as very much the strategy of last resort reserved only for companies that act irresponsibly as he accuses Apple of doing on this occasion.
How do the vulnerabilities that Raff has revealed impact upon the security of iPhone users? More on page 2...
CONTINUES
IT Institute industry certifications earn you credit towards our MBA or Master Degree qualification with Charles Sturt University. Click 
