Davey Winder
Friday, 03 October 2008 16:01
Nearly three months ago a security researcher did the right thing and informed Apple that he had found some serious vulnerabilities that impacted upon the security of the iPhone. Isn't it about time that Apple responded in kind by releasing a fix already?
Although Apple has just released a security fix for Apple TV it has yet to address vulnerabilities regarding the security of the iPhone that it was made aware of back in July.
Indeed, Apple was treated to full disclosure regarding the problems a few weeks before the public was informed they existed. Now the security researcher who originally uncovered those two vulnerabilities, Aviv Raff, has had enough of being Mr Nice Guy.
The Israeli researcher, best known for his work in the area of browser vulnerability, writes that it is custom to eat an apple and honey for a sweet Jewish new year, yet "this year starts a little sour for Apple."
Fed up with the lack of any meaningful response from Apple to his reported security vulnerabilities (Raff insists that, despite his requests, Apple has refused to provide any fix schedule), he has now published the technical details for all to see.
One can understand his frustration as he watches iPhone firmware v2.0.1, then v2.02 and now v2.1 come and go but still no sign of what is actually quite a serious security flaw being any the nearer to a fix.
The iPhone v2.1 update did fix a total of 8 security vulnerabilities when it was released on September 12th, but the ones detailed by Raff were not amongst them. Which he finds rather surprising.
"Both issues are pretty trivial," Raff insists, adding that they can be "easily fixed by Apple."
Now Raff has adopted a tactic of full public disclosure that he has used in the past to apply pressure to vendors, but which he views as very much the strategy of last resort, reserved only for companies that act irresponsibly, as he accuses Apple of doing on this occasion.
How do the vulnerabilities that Raff has revealed impact upon the security of iPhone users? More on page 2...