Feeds

back to article Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit

Apple has released updates to its iOS and OS X operating systems that address serious security flaws. The company said the iOS 7.1.1 upgrade will include, as well as some stability updates, fixes for 19 security flaws. One of those vulnerabilities is a "triple handshake" error in iOS SecureTransport – which is part of the OS …

COMMENTS

This topic is closed for new posts.
Silver badge
Holmes

Did they fix the bug where you can't use a Swype keyboard?

Not yet?

Tat-tap-tap, fanbois...

10
20
Silver badge

Re: Did they fix the bug where you can't use a Swype keyboard?

Have they fixed the bug where all your personal data are belong to Google?

Christ, most Android device manufacturers still can't be arsed to support any product that's more than about six picoseconds old.

As for Swype: why would I bother with a kludge like that when I can just dictate or connect to a proper keyboard over Bluetooth?

9
14
Anonymous Coward

Re: Did they fix the bug where you can't use a Swype keyboard?

So you don't have any data on the web that identifies you anywhere? Yeh, whatever. I don't mind some data being held by Google/Whomever if it serves my needs.

Also, ever tried using a bluetooth keyboard while walking? Ok. Sure. I'll stick with Swype thankyou very much.

5
5

Re: Did they fix the bug where you can't use a Swype keyboard?

Whoa there keyslinger!! Not once did he mention that he used or preferred an Android device to an Apple one. For all you know he may have an iPhone and just wants to use a swipey keyboard.

So quick to try to fight, let the guy state his opinion without jumping on him straight away. I swear you were just waiting to play holy hell with the first person who posted.

Silly iTroll

5
5
Anonymous Coward

Re: Did they fix the bug where you can't use a Swype keyboard?

Whoa there commentard!!! Anyone that has spent any amount of time here know's that Prough is a massive fandroid who just loves to troll Apple articles. Also Swype.

Silly n00b.

3
4
Anonymous Coward

Re: Did they fix the bug where you can't use a Swype keyboard?

Whoa there anonydroid!!! Anyone who posts on here regularly knows that anonymous cowards shouldn't be calling out those brave souls who let you see their posting history....

As an impartial observer I'd say Prough's original post seems almost totally irrelevant, but Sean bilbo baggins reply is positively spittle flecked. Neither comes out of this looking good, and the discussion thread on a relatively interesting article descends into immature "did", "didn't", "did too!" arguments.

Well done everyone!!!

4
4
Paris Hilton

Re: Did they fix the bug where you can't use a Swype keyboard?

Did you overlook the fact that Google helped point out/fix the bugs in Apples IOS?

Belong to Google? You need to stop believing all the banter and understand the facts.

Have you ever read Apples TOA?

http://www.cnn.com/2011/TECH/web/05/06/itunes.terms/

0
3
Bronze badge

Re: Did they fix the bug where you can't use a Swype keyboard?

Meh -- tried Swype, didn't care for it.

Now, if they'd let me use Swiftkey on my 'Pad... THAT I'd be happy about. S-wype, not so much.

1
0

Re: Did they fix the bug where you can't use a Swype keyboard?

Get a real keyboard!

:p

Sent from my work provided Bold 9900. Keyboard very good, device not so good. :(

0
1
Silver badge
Pint

My Googly Nexus 7...

My Nexus 7 on-screen keyboard is simply awful. It's very close to rubbish, all down to bad programming. The sensitivity in unreliable, and the spell checker is just daft. It even randomly moves the cursor for no apparent reason. Cut and paste code is written by a twelve year old... ...tree stump. My iPhone keyboard is much more usable.

Anyone that doesn't have at least one gadget in each ecosystem is a loser. Except for Microsoft products; you're allowed to simply ignore them. Because they're stupid.

2
2
Silver badge
Trollface

Re: Did they fix the bug where you can't use a Swype keyboard?

@AC - "As an impartial observer I'd say Prough's original post seems almost totally irrelevant, but Sean bilbo baggins reply is positively spittle flecked. Neither comes out of this looking good, and the discussion thread on a relatively interesting article descends into immature "did", "didn't", "did too!" arguments."

This article originally was about iOS updates to the built-in keyboard, but when the new "Triple Handshake" security info became available, El Reg completely changed the article but left the original comments. Now all these comments about iPhone keyboards look pretty silly, but it was still a fair bit of trolling on my part, if I do say so myself. Certainly seemed to get some fanboy's knickers in a twist. And what's more fun than that?

3
2
Anonymous Coward

Re: Did they fix the bug where you can't use a Swype keyboard?

Fair play, it certainly got them biting! Quality troll!

0
0

J...j...j...jerky scrolling...

after you install the update? Anybody else seeing this?

3
3

Re: J...j...j...jerky scrolling...

Killed my mouse gestures after the update. Had to do a second reboot which cleared it.

Struth, two reboots in one month...

0
0

Correction...

...hmmm...only when it's charging though. Fine if you unplug the power. Scrolling returns to normal.

0
0
Silver badge

Re: Correction...

Its fine so long as you dont try charging it????

0
0

Re: Correction...

A bent pin/damaged data cable can cause a grounding issues that will affect the device while charging. Creates issues with touch recognition that only happen while charging and disappear while in normal use.

0
0
Bronze badge
Alert

Which versions of iOS are affected by each issue listed?

I ask because I have never upgraded to iOS 7 (I can't stand the kiddie block flat colouring)...

3
2
Bronze badge

Re: Which versions of iOS are affected by each issue listed?

All of them. As part of Apple's announcement about Heartbleed, they let the world know they were using a 3 year old unpatched SSL protocol. Everything has been wide open for a while.

0
4
Silver badge

Re: Which versions of iOS are affected by each issue listed? (@Bullseyed)

Actually they said "we haven't updated the bundled OpenSSL since 2011". They did not say that any of their code actually uses it.

Apple's code uses its own Secure Transport. Secure Transport does not use OpenSSL. None of the issues fixed today is known to affect OpenSSL.

For those of us that actually read the stories, this was underlined by goto fail, when Apple managed to engineer a bug into its SSL code that didn't affect anybody else.

2
0

I am curious as to why the Google team is working on it's main competitors products?

Yes its nice of them, however as a business owner you've got to question spending resources for someone else to benefit from.

Are we next going to see Microsoft improving the suspend resume code of Linux?

2
2
(Written by Reg staff) Silver badge

Re: why the Google team is working on it's main competitors products?

AFAIA, in most cases: the engines at the heart of Apple Safari and Google Chrome share a common ancestry in WebKit. It so happens that if Google finds a bug in WebKit, it may be present in Safari, too. So either Google tells Apple or Apple notices Google's patches, or the upstream change, and applies the patch, too.

There are corner cases, such as Google engineers competing in Pwn2Own contests with Apple kit.

C.

8
0
Silver badge

Altruism is in your own self interest.

Also, quite a few Google devs use Apple kit on the desktop. Getting bugs in the desktop product fixed protects Google's engineers from being hacked. And since desktop and mobile products share a lot of code, Apple then applies the fixes to its mobile products.

3
1

Well, considering the fact that Google's business are ads, it is in their interest that the ads are viewed without undue interruptions even on Apple's kit.

That and the fact that WebKit engine has shared roots.

4
0
Bronze badge

@Nextweek:

Does it not work for you? Why not post some bug reports or even better some patches? Suspend/resume works for me on rather a large number of systems.

It's unlikely that big G do much that is not in their own self-interest. I suspect that given that flogging ads is pretty much their core business, patching something that is substandard in delivering ads is a sound policy.

Cheers

Jon

0
0
Silver badge

"maliciously crafted applications can execute arbitrary code outside the sandbox"

That's dangerously close to an admission that iThingies can suffer viruses as being pwned...

4
3

Re: "maliciously crafted applications can execute arbitrary code outside the sandbox"

Thankfully the 30 spam messages today containing zip files which contain a file ending in .exe don't seem to have any affect. That's the nice thing about Windows attracting all the ner-do-wells; targeting Mac just ain't worth it for them.

1
1
Bronze badge

Re: "maliciously crafted applications can execute arbitrary code outside the sandbox"

@Wibble

One day you will receive a binary targeted at iOS with a daft name ending in .exe. There are quite a few rotten apples on the planet nowadays and as a member of that group you are a target.

I'm a security consultant amongst other things and I don't feel particularly safe (in an IT way) running my hand crafted Linux systems with all sorts of funky safeguards: I suggest you don't feel particularly smug errr ... safe either. For you (and me) being simply different is no longer good enough to provide protection.

Cheers

Jon

0
0
Bronze badge

Re: "maliciously crafted applications can execute arbitrary code outside the sandbox"

"One day you will receive a binary targeted at iOS with a daft name ending in .exe."

Yes, and? If it ends in .exe it won't run on a Mac or a iOS device unless the user actually does something silly. I see something ending in .exe on a Mac or iOS system, I kill said item. I certainly don't attempt to run it. I've _never_ seen an item ending in .exe on _any_ iOS system except as an attachment to email. This makes it trivial to get rid of them without opening them.

0
0
Anonymous Coward

well yes, but they will not comment about how they find them ..

... and as likely as not at least one, maybe two malicious apps are how they discover flaws.

I doubt you will ever hear that from Apple. Out of sight, out of mind as they say .

1
3
LDS
Silver badge

So OSX can be p0wned through PDFs and JPEGs...

... just like any Windows?

0
2
This topic is closed for new posts.