Wow
That's....bad! Move a slider in a browser, and root the fecking device? Nice security!
Apple plans to issue fixes for two security flaws that when exploited together allow attackers to remotely install malicious apps on iPhones, iPads, and iPod touches. Although the critical vulnerabilities surfaced over the weekend, Apple officials didn't acknowledge them until Wednesday, the same day the German government …
Was it really needed for you to bash Microsoft/Adobe in a post about Apple? The entire issue is about Apple, so why bring up MS/Adobe at all? Is the PDF reader on the iOS Adobe or Apple? Is the iOS a MS product? Nope? Then I see no reason to detract from the fact Apple are lackluster when it comes to security by trying to fawn MS/Adobe as evil companies who let your OS be taken over 24/7 at a whim.
You get upset because they make a reference to all the past failures of Adobe and MS when someone who hasn't had a track record for failures fails? In fact, it added some information to the article because it made it clear this was Apple's code and not Adobe's PDF code.
Apple still FAILED in my eyes... I won't BUY an iPhone/iTouch. It was cool however, someone tossed their broken iPhone 3GS that only needed a new screen and LCD. It cost me $55US plus 4hrs of research on installing the parts.
1. Apple failed by not allowing bluetooth transferring of files to a phone or PC.
2. Apple failed by not using the universal MICROUSB cables. (You are stuck with purchasing overpriced proprietary APPLE cables and adaptors).
3. Apple failed by their warranty program (mainly because they are replacing each new release phone with one with either faster processor or bigger hard drive space with minor cosmetic changes every 12 to 16 months).
I won't be surprised if Apple now make a new iPhone version in 2012 with a new proprietary power/sync cable that cost 50 bucks and all cables from version 1 to 4 obsolete.
What do you think happens when you visit a website? What do you think an HTML file is, if not a - y'know - file? The iOS browser brings PDF up to a first level file along with HTML, JPEG, PNG and so on - that's the only difference here.
To be fair, I work with the guts of PDF on a daily basis and some of the legacy stuff there (parsing Type 1 fonts or some of the freaky CCITT variations etc) is just awful, so there's more room for error parsing PDF than JPEG.
I'm also surprised on a device like this that Apple aren't flagging the data area as no-execute, which neuters this sort of buffer overrun. I guess not, so we won't see the last of these.
So relations will already be strained between the two. And there's enough of a history of PDFs and Acrobat creating gaping security holes that it wouldn't be hard to get Apple's PR guys to start saying why PDF support isn't necessary.
Plus the iPhone isn't exactly a business device anyway, so I can't see the absence of PDF support being a problem for most users.
And there are PDF-> other format converters all over the web, so Jobs would just tell you to use one of them (or rather Apple's pay-to-use certified version).
Who found the exploit first - Jailbreakme.com or the German Federal Office for Information Security?
Whilst the Jobs gang plays catch-up what are they doing about fixing all the other iOS problems such as Bluetooth, etc.? Mind you, Jailbreakme.com did manage to actually get Apple to admit they have 'issues' with the Lemon ware.
IIRC Safari wasn't updated for iOS4, so this is likely an old exploit that they've been saving for the launch of new hardware to make jail breaking as painless as possible, especially now that it's legal in some places.
It's the same with the custom firmwares for the PSP, hackers find various exploits but they don't release them in case Sony fixes them in the next firmware. Then the hackers use the flaw to attack the latest firmware when it arrives.
I jailbroke (is it a verb now? ;) ) my old 3G the other day. I'm still not very impressed with Cydia or Rock, they seem to spend 99% of their time downloading lists of updates, which takes ages. Plus the stability and usability of the emulators on there is really rubbish, as are the high prices.
Uh oh, I've been strenuously avoiding an upgrade to iOS 4 on my 3G, due to all of the issues it seems to be causing people...
Now it looks like I'll have to take the plunge to get this fix...or simply get an iPhone 4. Which I was holding off doing until the white ones came out.
I have, on these forums, previously defended Apple's desire to only support one release of the iOS at a time. It makes sense, in the scheme of things. But I'm really hating it right now...would love a fork for iOS 3 support. Failing that Apple, can we get an iOS 4 that configures itself minimally for 3G/GS users, with no multitasking, no Spotlight, etc.?
I have a 3G, I upgraded to iOS 4... I had it for a week before spending several hours downgrading back to 3.1.3 due to speed issues.
Simply put the 3G cannot cope with iOS4, camera took 30 seconds to load first time, 20 seconds after that, Settings took 10 seconds, Messages longer... and keyboard response was piss poor... Typed whole sentences then wait for all the key presses to register before continuing...
I really cannot advise you strongly enough NOT to upgrade.
...whereas most browsers automagically run Flash unless you tell them not to.
Which is worse, knowingly running something that obviously has script inside it or opening something that doesn't?
(Just for the record, I've turned Flash off. It's mostly unnecessary, as you can immediately tell once you've turned it off for a while. About 10% of the Flash is important to the working of the page and that's probably my biased view because I watch videos online ;)