

Miller used a flaw in Safari to take control of a Macbook Air in under two minutes. (See: "How to Take Over Every iPhone in The World.")

But Miller points to a more egregious example of Apple security insouciance in his exploit of a Macbook Air in the Pwn-to-Own security contest in March of last year. Although Apple took more than a month to patch the flaw after Miller disclosed it, the company issued a patch just a day after Miller presented the flaw at the hacker conference Black Hat in July. That bug, according to security researcher and perennial Mac-hacker Charlie Miller, would have allowed a cybercriminal to take control of a phone with a string of text messages and use it to propagate more infectious texts, potentially spreading the attack virally. Even after receiving widespread media attention, Apple took nearly a month to fix the vulnerability.

Before this Adobe mishap, Apple's most recent security flap surrounded a flaw in its iPhone text messaging software. Six months earlier, the version used in Apple's software included a bug that would allow an attacker to take control of a user's browser regardless of their operating system, according to IT security researcher and blogger Julien Tinnes.

Last May, security researchers revealed that Apple had integrated an unpatched version of Java into its Mac OS X. The faux pas is far from the first time Apple, which didn't respond to a request for comment, has demonstrated a sloppy approach to patching. "It's vital … that operating system manufacturers do not reduce their customers' level of security without warning." "Mac users who have been diligent enough to keep their security up-to-date do not deserve to be silently downgraded," chastised Sophos researcher Graham Cluley in his blog, pointing to the many recent attacks targeting the Adobe flaws Apple left unpatched.
