No. 1 Story

Technology reinforces generation gap

If you believe that technology could be bridging the generation gap, think again. According to Deloitte’s first State of the Media report it’s as stark as ever.

read more

Related Articles

Adoption of cloud computing has reached a tipping point  - but don’t expect legacy...
Read More
In yet another blow to the Facebook IPO this week, following the withdrawal of...
Read More
Recruitment technology and social media have played a significant role in growing business in...
Read More
It's no longer unusual for a household or small business to use a mixed...
Read More
It's no longer unusual for a household or small business to use a mixed...
Read More

More From

Popular Threads

Why has Apple not fixed well known iPhone security problems?

Davey Winder
Friday, 03 October 2008 15:01

Your IT - Mobility

View Comments
Page 1 of 2
Nearly three months ago a security researcher did the right thing and informed Apple that he had found some serious vulnerabilities that impacted upon the security of the iPhone. Isn't it about time that Apple responded in kind by releasing a fix already?

Although Apple has just released a security fix for Apple TV it has yet to address vulnerabilities regarding the security of the iPhone that it was made aware of back in July.

Indeed, Apple was treated to full disclosure regarding the problems a few weeks before the public was informed they existed. Now the security researcher who originally uncovered those two vulnerabilities, Aviv Raff, has had enough of being Mr Nice Guy.

The Israeli researcher, best known for his work in the area of browser vulnerability, writes that it is custom to eat an apple and honey for a sweet Jewish new year, yet "this year starts a little sour for Apple."

Fed up with the lack of any meaningful response from Apple to his reported security vulnerabilities, and Raff insists that despite his requests Apple has refused to provide any fix schedule, he has now published the technical details for all to see.

One can understand his frustration as he watches iPhone firmware v2.0.1, then v2.02 and now v2.1 come and go but still no sign of what is actually quite a serious security flaw being any the nearer to a fix.

The iPhone v2.1 update did fix a total of 8 security vulnerabilities when it was released on September 12th, but the ones detailed by Raff were not amongst them. Which he finds rather surprising.

"Both issues are pretty trivial" Raff insists, adding that they can be "easily fixed by Apple."

Now Raff has adopted a tactic of full public disclosure that he has used in the past to apply pressure to vendors, but which he views as very much the strategy of last resort reserved only for companies that act irresponsibly as he accuses Apple of doing on this occasion.

How do the vulnerabilities that Raff has revealed impact upon the security of iPhone users? More on page 2...

CONTINUES


Start 1 2 Next 

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases