Apple has patched a critical iOS vulnerability that allows attackers to install malicious apps on iPhones, iPads, and iPod touches by doing nothing more than luring victims to a booby-trapped website or sending them a tainted email. The update plugs a hole in Apple-designed document-viewing software that allows attackers to …
no fix for iPhone yet....
No word from Apple about a fix for the original iPhone yet, since the original iPhone can't run iOS. There are also a lot of iPhone 3G and 3GS owners that won't update to iOS until Apple fixes the speed and battery issues in iOS so the exploit won't be patched until they release a 3.1.x patch as well.
RE: no fix for iPhone yet....
"There are also a lot of iPhone 3G and 3GS owners that won't update to iOS until Apple fixes the speed and battery issues in iOS so the exploit won't be patched until they release a 3.1.x patch as well."
These issues don't seem to affect the 3GS. Only *some* 3Gs are affected...
That network is going to stagger and fall under the load. 378mb for a PATCH on a cell phone.... just wow.
On a side note: The troubles I've had since last Thursday with AT&T just completing a dns change makes me want to giggle and point..... bastards deserve all of that and more.
Patch comes over your broadband, not the AT&T network
ONLY available via WiFi?
I was wondering about that myself when I saw the "iPad update is a whopping 456.9MB in size" bit. I am assuming that at SOME point an iPad user would have access to WiFi, but what if not? Are all updates restricted to non-3G connections?
As for AT&T, fortunately I have not experienced any problems with their DNS. I am curious about that as well. I never pay attention to the DNS the network hands out as I use my local Bind session for resolution on my laptop.
iPhone patches get downloaded onto your PC and then installed over iTunes and your cable to the device.
The reason that it's so big is that this isn't a patch. Apple don't patch, they just release a whole new iOS. Which includes browser, mail app, phone, contacts app, etc. etc. etc....
Hence, yes it is a bit chunky.
No it isn't.
Updates are deilvered via itunes when you sync the device, NOT over 3G or even directly to device via WIFI.
How do you think updates get to ipod touch or non 3G ipads? Dunce.
Updates are done via itunes
not directly to the device.
You HAVE to sync to update.
I can use iTunes without having to go anywhere near Windows, your point? Carry on...
"Last decades shittiest and buggiest piece of software in the history of modern computing on."
Not used Vista or anything from Adobe?
I'm not saying iTunes+Windows!=crap, but it's in some pretty good company.
My first assumption was that the software he is referring to is iTunes...
Do you think?!
Most iPhone users I know have been happy with the simple jailbreak procedure and certainly won't be patching. They have control of their phones, something they have never had on an iPhone.
surely there can be no bugs like this in anything from 'apple'
after all, this is 'apple' we are talking about...
What is more shocking......
Is that the Adobe reader was not affected, I mean forget everything else, Adobe NOT affected!
These are words I didn't think would go together in an article about malicious PDF files :-)
...For a phone OS?!? You could get the same functionality (minus the phone bit of course) from an Amiga with probably a handful of 880kb disks (minus the fart apps of course!) ;)
in this day and age?!!?! someone think of the children!
And minus :
iPod (audio and video playing)
So, you 800K disks would be just the OS and no flipping good to anyone. Unlike the 378Mb which makes an entire useful device.
iOS 4 runs fine on 3GS
Turn off location services... background apps will keep the GPS running while they're not doing anything which kills the 3GS battery.
Luckily iOS4 gives the ability to set which apps can use location services if you do want to keep it on.
There's also a fix for the exchange sync having too long a timeout which may also keep 3G data services going longer than needed.
They are making a bit of a cabbage out of the patch indeed.
Kidding of course but it certainly looks like all new iPhones are now orphans.
Some patch at 378MB - sounds more like a REBUILD
There is no way such a huge download, presumably compressed, can ever be considered as a 'patch'.
And who gets to pay for this LemonAid download - maybe a visit to an Apple outlet would save users data allowances?
Another tribute to Job's skills in 'under statement' or as some might call it ... lying. And they actually tested Lemon 4 before they released it? Perhaps Job's should hire the hackers to do he testing.
Maintaining the faith can be very testing and expensive.
This is the same with all iOS updates
You get the whole package everytime, not a patch.
Christ you're tiresome.
Another tribute to a poster
Who doesn't know how Apple update their mobile devices.
Jesus Horatio Fogharty CHRIST,
the marching morons are out in force today...
It's a mystery how some of you dribbling imbeciles ever learned how to breathe, let alone type. I don't know why Google even bother to maintain their search engine given how few of you seem to use it.
See that screenshot in the fucking article? That's right: it's iTunes. Running on a Mac or PC. You download OS updates through iTunes, not on your bloody iDevice. 3G charges don't enter into it.
He has a point
No really he does you people are insane, you dont download the patch to your phone you download it to your MAC / PC and install it via that nice white cable.
But untill apple fix the proximity sensor im sticking with my jailbroken phone ta ;)
/me unplugs and hides his 3G dongle before anyone sees it.
I can do both
on my Nokia: download to PC update over USB or download to phone over WiFi, 3G, or GPRS, then it updates itself.
Good for you. What do you want, a medal?
That, Mr Forsyth, was the point wizzing past you...
Not just a patch
All the people commenting about the size of this patch - patches for iPod Touches/iPhones always come as a complete OS download, that way there's no issues with whatever OS the device previously had installed.
'Christ, even Microsoft with the messy behemoth that Windows is can get that bit right.' Do you see the contradiction in that sentence? I'll illustrate for you; 'messy behemoth that Windows is' suggests that Microsoft haven't in fact managed to get that bit right. Do pay attention.
When do the summer holidays end?
Windows patches famous for never suffering/causing any compatibility problems of course.
"What you're saying then is basically that Apple has no fucking clue how to architect an OS properly"
Why don't you get you CV over to them? I'm supremely confident you're the man they need to get them headed in the right direction.
shame poor fools
here, in the Netherlands on my 60Mb internet bundle (DSL? Cable? dunno - don't care) - that download takes mere seconds
And I can see hookers from my window (ok, I have to lean out the window and peer down the street some) and smoke weed legally
now, what was I saying?
um. Shit, forgot. But I am hungry suddenly
I see the bittards, Bytetards, millitards, Megatards and kilotards are out in force again.
The clue is in the 1st letter of each of those words.
Do I Win a Prize?
Blackberry Messenger Milton Keynes?
I take it that all these iPhone owners complaining about a 378MB download....
....are envious of those with more bandwidth, because they are too poor to afford it?
To be fair to Apple...
(and there's a phrase I didn't think I'd ever use)
...they don't describe iOS 4.0.2 as a patch. Suspect it's just easy shorthand for others to report given it fixes one or two things and adds no new features.
I won't be updating. No intention of spending an hour or two downloading a file that size, resetting my phone, then restoring from a backup, just to fix a problem I can likely avoid with some common sense (don't open PDFs).
A Little Information is a Dangerous Thing!
But it's not a problem you can avoid that easily - when you click a link in Mobile Safari, how do you know that link isn't to a PDF (which Mobile Safari opens automatically)?
OK, you can avoid clicking on any links or use an alternative browser, but why not just install the patch? Connect iPhone to computer, accept T&Cs, come back 30 minutes later and all is complete. No need to reset, no need to restore, no need to re-sync anything - job done.
> just to fix a problem I can likely avoid with some common sense (don't open PDFs).
Sadly it's not that easy. Safari on iOS 4.01 and earlier (and probably 4.0.2 as well) opens PDF files automatically without prompting so if they are, for example, embedded in a hidden IFRAME on a web page you're visiting then basically as soon as you visit the website you're buggered.
So you really should upgrade to 4.0.2, unless you want to jailbreak your phone/pad, or you want to stay with OS v3.x, in which case you should jailbreak the phone and install PDF Loading Warner from Cydia, which prevents PDFs being loaded without your approval.
You may say that....
...but the week before last I applied the iOS4 update to an iPod touch and when it failed somehow during the update (leaving me with a device in recovery mode that simply couldn't be seen by the normal PC/iTunes combination no matter what I did) it took me over 9 hours to get the damn thing restored and with all of the contents back on it and to do that required a second entirely separate laptop and clean copy of iTunes.
Now granted it's the first time I've seen anything this bad happen, but clearly there is something that needs to be done to sort out the potential for things to go horribly wrong.
So claiming that all Apple processes just work (tm) is not completely true.
1. Go to jailbreakme.com on your iPhone.
2. Jailbreak iPhone.
3. Load Cydia.
4. Install PDF Loading Warner.
Hey presto, jailbroken phone and a pop-up confirmation each time Safari tries to automatically open a PDF. Takes 3 minutes instead of 30, no need to reset, no need to restore, no need to re-sync. Job done.
Does a better job than 4.0.2.
Had a similar prob with this update and it is reported on the Apple forums - fortunately only a quick reset/ restore/ leave to sync (and go to bed) sorted it. I suspect at busy times Apple's verification server gets a bit flaky and terminates the process.
Somewhat to my surprise, the unbacked up video I had on the phone was not lost.
And the rest ?
And how long do we have to wait for Apple to fix all the other iOS 4 bugs ?
You can edit your details. Not you? Then log in here.
It's not a patch, it's a full version of the OS. Even a dribbling imbecile like me managed to work that one out.
And I think he was actually attacking the posters for 'not being clever enough' to establish the facts before sprouting crap.
I think the percentage of smartphone users who don't own a PC/Mac could be counted on one finger, so what's the problem with buying a phone that requires one?