
Major iOS security flaw discovered, Apple fumbles it

Page 2
I don't see why people are bending over backwards to defend Apple here. He told them about the exploit before he submitted the app, and even then they let his app through the approval process. Not only did he expose a flaw in iOS, but he also exposed a flaw in the approval process. On top of it all his app was only malicious against himself (according to the story). Apple shouldn't have banned him, it's just bad PR and he was just trying to help them out. Now they look like a-holes for banning a developer who was trying to help them.
 
Apple is too busy suing people to fix it.

In all seriousness though, Q/A can take a long time. Some of you just need to relax a little.
 
I don't see why people are bending over backwards to defend Apple here. He told them about the exploit before he submitted the app, and even then they let his app through the approval process. Not only did he expose a flaw in iOS, but he also exposed a flaw in the approval process. On top of it all his app was only malicious against himself (according to the story). Apple shouldn't have banned him, it's just bad PR and he was just trying to help them out. Now they look like a-holes for banning a developer who was trying to help them.

It's normal around here.

To some, Apple could take a turd, call it iTurd and market it as an energy bar, and not only would they eat it, they'd say it tastes great. If some people got sick from it they'd say they ate it wrong.


Warning for trolling
While you have a point - KenMitch - that there are people willing to defend Apple, even to extremes - your post is crude and inappropriate for a technical forum.

He told them about the exploit before he submitted the app, and even then they let his app through the approval process. Not only did he expose a flaw in iOS, but he also exposed a flaw in the approval process. On top of it all his app was only malicious against himself (according to the story). Apple shouldn't have banned him, it's just bad PR and he was just trying to help them out. Now they look like a-holes for banning a developer who was trying to help them.

orly now

Miller discovered the bug several months ago when researching iOS 4.3. At the time, he was busy with other research, including discovering a way to hack laptop batteries. But by September, he had fully exploited the flaw and was able to get a proof-of-concept app, which took advantage of it, into the App Store. According to Miller, that app was downloaded by quite a few people before Apple pulled the app on Monday, though he said only his copy is configured to download code from his server.



Miller alerted Apple about the weakness three weeks ago.
11/07/2011 @ 2:38PM

http://arstechnica.com/apple/news/2...-flaw-in-ios-gets-booted-from-dev-program.ars

http://www.forbes.com/sites/andygre...curity-bug-lets-innocent-looking-apps-go-bad/
 


Personally I think the only ones looking like a-holes are the people trying to make excuses that a developer who uploaded an app exploit should be thanked and not booted out. I'd do the same; there's a difference between notifying and publishing.
 
The 5.0.1 update is available today and it addresses battery life as well as this security issue. The OTA update is 40-55 MB depending on device.
 

found it

iOS 5.0.1 Software Update

CFNetwork

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2

Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information

Description: An issue existed in CFNetwork's handling of maliciously crafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could navigate to an incorrect server.

CVE-ID

CVE-2011-3246 : Erling Ellingsen of Facebook

CoreGraphics

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2

Impact: Viewing a document containing a maliciously crafted font may lead to arbitrary code execution

Description: Multiple memory corruption issues existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font.

CVE-ID

CVE-2011-3439 : Apple

Data Security

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia's certificates are not trusted. We would like to acknowledge Bruce Morton of Entrust, Inc. for reporting this issue.

Kernel

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2

Impact: An application may execute unsigned code

Description: A logic error existed in the mmap system call's checking of valid flag combinations. This issue may lead to a bypass of codesigning checks. This issue does not affect devices running iOS prior to version 4.3.

CVE-ID

CVE-2011-3442 : Charlie Miller of Accuvant Labs


libinfo

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2

Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information

Description: An issue existed in libinfo's handling of DNS name lookups. When resolving a maliciously crafted hostname, libinfo could return an incorrect result.

CVE-ID

CVE-2011-3441 : Erling Ellingsen of Facebook, Per Johansson of Blocket AB

Passcode Lock

Available for: iOS 4.3 through 5.0 for iPad 2

Impact: A person with physical access to a locked iPad 2 may be able to access some of the user's data

Description: When a Smart Cover is opened while iPad 2 is confirming power off in the locked state, the iPad does not request a passcode. This allows some access to the iPad, but data protected by Data Protection is inaccessible and apps cannot be launched.

CVE-ID

CVE-2011-3440


How's that OP?
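The Kernel entry above says only that a logic error in mmap's flag checking let an app execute unsigned code; the advisory gives no trigger, and neither does this thread. What a practitioner can check from user space is the invariant that bug broke: a process that is not entitled to generate code should not be able to write bytes into memory and then execute them. The probe below is an added example for this page, not code from Apple, from Miller, or from the articles linked above, and it does not reproduce CVE-2011-3442. It tries both shapes of the attack (a single RWX anonymous mapping, and the JIT-style RW write followed by mprotect to RX), and forks first so that a kernel which kills the process on the jump, which is how a signature fault presents, is reported as an outcome instead of ending the probe. Assumptions: a POSIX mmap/mprotect/fork environment, and an x86-64 or AArch64 CPU for the one-instruction stub.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/wait.h>

/* Outcome of one probe. The child's exit status carries one of these back. */
enum probe_result {
    PROBE_EXECUTED = 0,         /* the written bytes ran: no code-signing / W^X enforcement */
    PROBE_DENIED_MMAP = 1,      /* kernel refused the requested mapping */
    PROBE_DENIED_MPROTECT = 2,  /* kernel refused to make written pages executable */
    PROBE_KILLED = 3,           /* child died on the jump (what a signature fault looks like) */
    PROBE_UNSUPPORTED = 4,      /* no instruction stub for this CPU */
    PROBE_ERROR = 5             /* fork/wait failed */
};

static const char *const probe_names[] = {
    "executed", "mmap denied", "mprotect denied", "killed on execute", "unsupported cpu", "error"
};

const char *probe_result_name(int r) {
    return (r >= 0 && r <= PROBE_ERROR) ? probe_names[r] : "?";
}

/* The smallest possible unsigned "program": a single return instruction.
   Assumption: x86-64 or AArch64; other CPUs get no stub and report PROBE_UNSUPPORTED. */
static size_t ret_stub(unsigned char *buf, size_t cap) {
#if defined(__x86_64__) || defined(__i386__)
    if (cap < 1) return 0;
    buf[0] = 0xC3;                                                 /* ret */
    return 1;
#elif defined(__aarch64__)
    static const unsigned char ret[4] = {0xC0, 0x03, 0x5F, 0xD6}; /* ret, little-endian */
    if (cap < 4) return 0;
    memcpy(buf, ret, 4);
    return 4;
#else
    (void)buf; (void)cap;
    return 0;
#endif
}

/* Runs in the child. want_rwx=1 asks for one RWX mapping; want_rwx=0 does the
   JIT-style sequence of writing to RW memory and then flipping it to RX. */
static int child_probe(int want_rwx) {
    unsigned char stub[8];
    size_t n = ret_stub(stub, sizeof stub);
    if (n == 0) return PROBE_UNSUPPORTED;

    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    int prot = want_rwx ? (PROT_READ | PROT_WRITE | PROT_EXEC) : (PROT_READ | PROT_WRITE);
    void *p = mmap(NULL, pg, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return PROBE_DENIED_MMAP;

    memcpy(p, stub, n);
    if (!want_rwx && mprotect(p, pg, PROT_READ | PROT_EXEC) != 0) return PROBE_DENIED_MPROTECT;
    __builtin___clear_cache((char *)p, (char *)p + n);   /* needed on AArch64, no-op on x86 */

    void (*fn)(void);
    memcpy(&fn, &p, sizeof fn);      /* data pointer -> function pointer without a cast warning */
    fn();                            /* a signing-enforcing kernel kills us here or earlier */
    return PROBE_EXECUTED;
}

/* Forks so that a kill on the jump is observed as a result instead of ending the probe. */
enum probe_result probe_unsigned_exec(int want_rwx) {
    pid_t pid = fork();
    if (pid < 0) return PROBE_ERROR;
    if (pid == 0) _exit(child_probe(want_rwx));

    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return PROBE_ERROR;
    if (WIFSIGNALED(status)) return PROBE_KILLED;
    if (WIFEXITED(status) && WEXITSTATUS(status) <= PROBE_ERROR)
        return (enum probe_result)WEXITSTATUS(status);
    return PROBE_ERROR;
}

int main(void) {
    int rwx = probe_unsigned_exec(1);
    int rw_then_rx = probe_unsigned_exec(0);
    printf("RWX anonymous mapping : %s\n", probe_result_name(rwx));
    printf("RW, then mprotect(RX) : %s\n", probe_result_name(rw_then_rx));
    if (rwx == PROBE_EXECUTED || rw_then_rx == PROBE_EXECUTED)
        puts("unsigned code ran: this process is not under code-signing enforcement");
    else
        puts("unsigned code did not run");
    return 0;
}
```

On a stock Linux desktop both lines report "executed", which is the expected baseline for a platform that does not enforce code signing on process memory. The point of the probe is the other direction: on a platform that claims to enforce signing for a process without a JIT entitlement, both lines should come back as a denial or a kill, and a build that reports "executed" is the symptom the advisory entry describes.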
 
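The Data Security entry in the list above is the one item that is a trust-store change rather than a code fix: the CA issued certificates with keys too weak to be safe and could not revoke them, so Apple stopped trusting the issuer outright. The check an operator wants over their own certificate inventory is the key-size check that should have stopped those certificates at issuance. Below is an added example, not code from the page or from Apple, that parses a DER-encoded RSAPublicKey (SEQUENCE { INTEGER n, INTEGER e }) far enough to measure the modulus and flags anything under a threshold. The advisory does not state the key sizes involved; the 2048-bit threshold is an assumed policy value, and the test vectors are constructed filler bytes, not real keys.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed policy threshold, not a figure from the advisory. */
#define WEAK_RSA_BITS 2048

/* Reads one DER tag and definite-form length at *off; returns 0 on success. */
static int der_read_tl(const uint8_t *buf, size_t len, size_t *off, uint8_t *tag, size_t *vlen) {
    if (*off + 2 > len) return -1;
    *tag = buf[(*off)++];
    size_t l = buf[(*off)++];
    if (l & 0x80) {                          /* long form: low 7 bits = number of length bytes */
        size_t nb = l & 0x7F;
        if (nb == 0 || nb > sizeof(size_t) || *off + nb > len) return -1;
        l = 0;
        for (size_t i = 0; i < nb; i++) l = (l << 8) | buf[(*off)++];
    }
    if (*off + l > len) return -1;
    *vlen = l;
    return 0;
}

/* Bit length of the modulus in a DER RSAPublicKey, or -1 if the bytes do not parse as one. */
int rsa_modulus_bits(const uint8_t *der, size_t len) {
    size_t off = 0, vlen;
    uint8_t tag;
    if (der_read_tl(der, len, &off, &tag, &vlen) || tag != 0x30) return -1;   /* SEQUENCE  */
    if (der_read_tl(der, len, &off, &tag, &vlen) || tag != 0x02) return -1;   /* INTEGER n */
    const uint8_t *n = der + off;
    while (vlen > 0 && *n == 0) { n++; vlen--; }   /* DER pads positive integers with 0x00 */
    if (vlen == 0) return -1;
    int bits = (int)(vlen - 1) * 8;
    for (unsigned top = *n; top; top >>= 1) bits++;
    return bits;
}

/* Unparseable input is treated as weak: a key you cannot measure is not one to trust. */
int rsa_key_is_weak(const uint8_t *der, size_t len) {
    return rsa_modulus_bits(der, len) < WEAK_RSA_BITS;
}

static size_t der_put_len(uint8_t *out, size_t l) {
    if (l < 0x80)  { out[0] = (uint8_t)l; return 1; }
    if (l < 0x100) { out[0] = 0x81; out[1] = (uint8_t)l; return 2; }
    out[0] = 0x82; out[1] = (uint8_t)(l >> 8); out[2] = (uint8_t)l; return 3;
}

/* Constructed test vector, not a real key: a modulus of nbytes bytes whose top byte is 0xC3
   (high bit set, so DER needs a 0x00 pad byte) and exponent 65537. Returns encoded length. */
size_t build_fake_rsa_pubkey(uint8_t *out, size_t cap, size_t nbytes) {
    static const uint8_t e65537[] = {0x02, 0x03, 0x01, 0x00, 0x01};
    uint8_t body[600];
    size_t b = 0;
    if (nbytes == 0 || nbytes + 12 > sizeof body) return 0;
    body[b++] = 0x02;
    b += der_put_len(body + b, nbytes + 1);
    body[b++] = 0x00;
    body[b++] = 0xC3;
    memset(body + b, 0xA5, nbytes - 1);
    b += nbytes - 1;
    memcpy(body + b, e65537, sizeof e65537);
    b += sizeof e65537;
    if (cap < b + 4) return 0;
    out[0] = 0x30;
    size_t hl = 1 + der_put_len(out + 1, b);
    memcpy(out + hl, body, b);
    return hl + b;
}

/* Convenience wrappers: build a fake key of nbytes and run the checks on it. */
int fake_key_bits(size_t nbytes) {
    uint8_t der[600];
    size_t n = build_fake_rsa_pubkey(der, sizeof der, nbytes);
    return n ? rsa_modulus_bits(der, n) : -1;
}

int fake_key_is_weak(size_t nbytes) {
    uint8_t der[600];
    size_t n = build_fake_rsa_pubkey(der, sizeof der, nbytes);
    return n ? rsa_key_is_weak(der, n) : 1;
}

int main(void) {
    size_t sizes[] = {64, 128, 256};   /* 512-, 1024- and 2048-bit moduli */
    for (size_t i = 0; i < 3; i++)
        printf("%4d-bit RSA modulus: %s\n", fake_key_bits(sizes[i]),
               fake_key_is_weak(sizes[i]) ? "WEAK" : "ok");
    return 0;
}
```

The parser deliberately stops after the modulus: measuring the key is all this check needs, and the less DER a policy tool interprets, the less of it can be malformed at it. In a real inventory the input would be the SubjectPublicKeyInfo lifted out of each certificate with a proper X.509 library; the measurement logic is the same.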
I think Apple handles issues decently. I think they get a lot of flak because they're Apple. I bet if antennagate happened to any other device no one would have cared or made such a big deal out of it.

I think a lot of companies are at fault for not fixing their issue in a prompt manner. I mean how long did it take Samsung to fix their GPS issue?

The difference here is that Apple is much more well known to the lay person than any android phone manufacturer. If you're writing articles to drive readership, better to focus on the names people know and have some sort of reaction to. Because of Apple's visibility in the general market, people will pay more attention.

Honestly, the lay person couldn't care less about reading about how long it took Samsung to fix the GPS issues on the original Galaxy S phones, or what HTC is up to.
 
I just installed the iOS 5.0.1 update on my iPad from 4.3.2, and the experience thoroughly sucked.

First, I was told that I needed to update iTunes to 10.5. The update failed. I tried again, and it failed again. I then uninstalled iTunes, and tried installing it again. The installation failed AGAIN (some problem with the Apple update service). I had to manually remove iTunes directories and registry from my computer before it would re-install successfully.

After all that, I then tried downloading the iOS 5.0.1 update. The download failed half way through. So, I downloaded it again. This time, the iOS update worked, but the application restore locked up half way through. So, now I have an updated iPad with NO working third-party apps. I'm trying to clean up that mess now.
 

Well that sucks. Apple needs to fix iTunes badly.

On the bright side, I don't think that you will need to worry about it again once you have iOS 5.
 
They should thank him? Really? He pointed out the flaw to them privately (good), but then, like a tool, put together an app and got it approved and then let it get put out there. I am not sure if he pulled the app or if Apple did, but if it was the latter, then no, it wasn't a dick move to ban him.

If the story had been that he made an app, later discovered that it had this exploit, alerted apple, and pulled it then it would be a dick move to ban him.

So Apple allows apps on their store that exploit vulnerabilities? They're supposed to check all that stuff BEFORE allowing the apps.
 

Anything that exploits an undiscovered vulnerability in the actual code is unlikely to show up in the screening process. Static analysis isn't sufficient to find many bugs and can actually create a lot of false positives. Other forms of testing are too expensive given the volume of submissions.
 
First, I was told that I needed to update iTunes to 10.5. The update failed. I tried again, and it failed again.

Personally, I always uninstall iTunes and reinstall it when I do a major update like that. I did that with 10.5 and it worked fine. I also uninstalled all of the other Apple junk like Bonjour, Mobile Service, etc.

So, now I have an updated iPad with NO working third-party apps. I'm trying to clean up that mess now.

All iOS devices were wiped of their apps when going from 4.x.x to 5.x.x. If you went from 5.0.0 to 5.0.1, you would be fine.
 
So people cry when these apps make it through, but they cry anyway when Apple bans the dev. Either way it's lose lose for Apple because Phandroids will cry one way or the other.

Seriously, with threads like these, it's just a troll attempt. When your daily Android Propaganda man posts an article like this and talks about Apple fumbling it in the title, you know what to expect.

Honestly, if you look at it Apple's handled a lot of these issues better than say Samsung handled their GPS issues or the Froyo update for US SGS phones... or better than Motorola has handled the entire bootloader controversy.
 
iOS 5.0.1 has made a significant difference in my battery life, (old school iP4 on Verizon) like 40+%, typically by now my phone would have a 10% charge left, it's at 65% right now after an hour long convo with current squeeze (who bitched that I don't call her often enough, LOL). I use my phone on the web a lot, and burn through the battery pretty quickly, and I have all the location services turned on...

😵


Read an article the other day about how Apple gets a lot of criticism for bugs, omissions, etc, and the gist was that Apple takes the complaints seriously and actually fixes their stuff, making for a better product.
 