(3 votes, average: 6.67 out of 10)
Loading ...Advantage Apple – Saves face with timely iPhone patch
By Joaquim P. Menezes -
Whew! That was a close one…for Apple.
But the company has certainly pulled off a coup, releasing fixes for serious iPhone “vulnerabilities” days after they were first detected.
That’s not just significant from a security perspective, but from a “corporate reputation” standpoint as well.
By releasing the fix before briefings began at the Back Hat Conference in Las Vegas, Nevada (where details of the flaw were disclosed on Thursday) Apple managed to save face big time.
The exploit, which is delivered via a malicious Web page opened in the Safari browser on the iPhone was first reported by the New York Times on July 23.
And it wasn’t small potatoes.
Detected by researchers working for an ethical hacking firm Independent Security Evaluators – the “vulnerability” would enable someone to take control of iPhones through a WiFi connection, or by tricking users to visit a Web site that contained malicious code.
The hacker would then be able to access all the information the iPhone contained.
Initially Apple reps themselves wouldn’t say if the company would be able to deliver a patch before details of the flaw were disclosed at Black Hat.
The fact that the company pulled it off may have something to do with the fact that when notifying Apple of flaw, Independent Security Evaluators also proposed a fix. Apple’s fix, however, accomplishes much more than rectifying critical flaws in the handset.
It also searches for and eradicates changes made to the firmware of the phone, according to some hackers – who have sought to unlock the iphone.
Charlie Miller, principal security analyst at Independent Security Evaluators provided a detailed disclosure of the exploit at Black Hat on Thursday.
Check out his Power Point slide deck as well as the technical paper the company has posted on its Web site describing the attack.
Tell us what you think by posting a comment below.
