Search

iOS 15.0.2: Why Apple Is Issuing Emergency iPhone Updates - Forbes

pentingnus.blogspot.com

Another Apple update was issued this week—iOS 15.0.2—for a vulnerability that was already being used to attack iPhones. It comes after multiple “emergency” updates from Apple this year; sometimes several in one month. The barrage of iOS updates have often been for serious vulnerabilities that were being utilised by attackers in the wild.

Apple has a strong reputation for privacy and security, and has had much success in pushing its privacy focused ethos. The iPhone maker’s closed “walled garden” ecosystem encompassing the hardware and software contrasts to Google Android’s more open one. 

But the huge number of iOS security fixes in 2021 is leading many people to ask: is Apple’s iPhone less secure than it used to be?

“Part of the perception that there are more Apple vulnerabilities now is because we are starting from a low number historically,” says Sean Wright, SME security lead at Immersive Labs.

He says the most important thing is that iPhone issues are being fixed, “often quite quickly.” In addition, Wright points out, issues exploited by the time of the patch—such as the vulnerability utilised by the Pegasus spyware—have been targeted at a specific subset of people, “so the vast majority of ordinary users are unaffected.”

More researchers looking for iPhone vulnerabilities

Apple doesn’t have anywhere near the number of users as Android, but it’s growing. In tandem, criminals are targeting Apple’s iOS platform more: An increased attack surface means additional opportunities to compromise iPhone users.

But at the same time, it could be that more researchers are hunting for vulnerabilities in Apple’s iOS. “I think it’s a swarm effect,” says security consultant Daniel Card. He cites the example of Microsoft Exchange: “No one was looking, then someone looked, and a bug was found. Then everyone went looking.”

Yet many people find Apple’s bug reporting process frustrating. Some researchers say they have reported iOS bugs that have been fixed without crediting them: Security researcher Denis Tokarev says he reported a second vulnerability that was fixed in iOS 15.0.2, which he initially wasn’t credited for.

Tokarev later received an email from Apple acknowledging the vulenarbility.

More scrutiny on Apple is a good thing

Wright thinks more scrutiny on Apple, with researchers finding more holes, is a good thing. “I'd much rather know about a flaw than have that knowledge concentrated solely in the hands of attackers.”

Yet at the same time, because Apple does its own security, the onus and control is taken away from the user. Android is full of vulnerabilities in both apps and software, but users can deploy their own security on the device.

As Forbes’ Zak Doffman says in this week’s Straight Talking Cyber: “Apple is a bit of a black box, and it gets hammered for that. The reality is, if you have got an iPhone, you are completely reliant on Apple to keep it safe.

“The best advice we can give is, just update as soon as those iPhone upgrades are available. There is no real security software you can run; there’s nothing extra you can do, apart from taking the usual precautions around downloading and installing.”

Apple’s App Store is not immune from issues either. People have complained that bad apps are getting through the review process, and tighter controls are needed.  

The Pegasus issue

The Pegasus spyware has also been a challenge for Apple this year. Although it is highly targeted, the malware is scary because it can get onto iPhones without any interaction from the user, through for example a media message.

Jake Moore, a cybersecurity specialist at ESET, points out that in Pegasus, Apple is fighting one of the most intrusive and persistent pieces of malware out there. “Its constant threat looms over Apple’s once proudly secure operating system and overshadows their work to secure devices.”

Where is iOS 14.8.1?

Transparency from Apple is another point of contention among iPhone users. Apple said that from iOS 15, it would allow iPhone users that stay on iOS 14 to receive security updates without upgrading to the latest software. This happened in iOS 14.8—although there did seem to be some extra, albeit not as serious, issues patched in iOS 15. But iOS 15.0.2’s security patch has not yet reached iPhone users still on iOS 14.

It would help if Apple told us what was going on here, as at the moment it’s a guessing game.

Is your iPhone still safe?

With all the emergency updates this year, the latest being iOS 15.0.2, it wouldn’t be strange to ask whether your iPhone has become less safe. While attackers are targeting iOS more as the platform grows, the increased scrutiny in finding vulnerabilities actually makes your iPhone safer.

Moore says attackers “enjoy the fight and chase the kudos of the hack, often not even for financial gain.” However he still thinks the iPhone remains “one of the most secure devices on the market.”

That is, as long as people apply the iOS updates as soon as they arrive. I always advise people to update as soon as Apple issues security fixes, and with increasingly serious vulnerabilities being used to attack iPhones, this advice remains the same.

Adblock test (Why?)



"emergency" - Google News
October 16, 2021 at 05:30PM
https://ift.tt/3DPFpWj

iOS 15.0.2: Why Apple Is Issuing Emergency iPhone Updates - Forbes
"emergency" - Google News
https://ift.tt/2VVGGYQ
https://ift.tt/3d7MC6X
emergency

Bagikan Berita Ini

0 Response to "iOS 15.0.2: Why Apple Is Issuing Emergency iPhone Updates - Forbes"

Post a Comment

Powered by Blogger.