back to article Apple fixes iOS 9.0.2 passcode loophole, kills 101 OS X security bugs

Apple has posted a trio of software updates to address major security flaws in its OS X and iOS operating systems. For iOS, the 9.0.2 update will include a fix for a highly publicized security flaw with passcodes: someone can bypass the passcode screen on iPhones and iPads using Siri's voice commands to access photos and …

  1. Brian in Seattle

    So it's still in beta then?

    1. diodesign (Written by Reg staff) Silver badge

      Re: Brian in Seattle

      What El Capitan? No. Not any more.

      C.

    2. Anonymous Coward
      Anonymous Coward

      Is that making a point about a release of ios fixing a load of bugs one week after fixing a load of bugs?

      1. Lee D Silver badge

        The "Say something to Siri allows you to unlock the phone" bug has been fixed almsot every update in various forms since iOS 7.

        My colleague was an Apple fan and didn't believe me when I was telling him about them. He said something like "Call Mum" in the same room as his (locked, default settings) iPhone, and it unlocked, silently dialled the caller, and just sat there transmitting what we were saying to his mother.

        It also allowed, if you swiped/pressed the right parts, you to get into apps that were supposed to be "locked".

        So this is not only a fix to a fix, but a fix to a fix to a fix to a fix to a fix, all hitting the exact same class of bugs - that Siri just unlocks your phone and tries to hide your stuff rather than runs in a actual separate space when your phone is locked.

        1. Mike Bell

          It's a feature. There are legitimate cases where you'd like this to happen hands-free. You can enable or disable the option in Settings.

      2. This post has been deleted by its author

  2. Anonymous Coward
    Anonymous Coward

    El Capitan upgrade nukes the recovery partition..

    I'll have a look at the iOS update in a minute, but be careful with El Capitan - in my case it didn't upgrade the recovery partition, it removed it.

    Here's what you best do after downloading it:

    1 - abort the installer

    2 - (optional) copy the installer to somewhere else as well

    3 - get a USB stick of at least 8GB and turn it in into a bootable copy*

    4 - make a full system backup using Carbon Copy Cloner or equivalent, then upgrade.

    Note: the process of creating a bootable USB stick takes time, a LOT of time (no idea why). I used a USB3 USB stick and it still took 20 minutes of apparent inactivity. If I hadn't been busy with something else I would have aborted it already, so just let it be for half an hour or so.

    * be warned: the author may have written a good article, but has also seen fit to place an auto-playing video on the site, demonstrating that you can be a good author and a jerk at the same time.

    1. Dan 55 Silver badge

      Re: El Capitan upgrade nukes the recovery partition..

      That's a shame, I set it off updating about 10 minutes before reading your post.

      But wasn't that a problem with a beta version of El Capitan that was addressed with something called "El Capitan Recovery Update" that appeared in the App Store? (By "El Capitan Recovery Update" I assume they mean "Oops, fuck, we blew away your recovery partition, this makes it again update".)

      1. Anonymous Coward
        Anonymous Coward

        Re: El Capitan upgrade nukes the recovery partition..

        But wasn't that a problem with a beta version of El Capitan that was addressed with something called "El Capitan Recovery Update" that appeared in the App Store?

        Oh, cool, I'll have a look at that in a minute*. However, it doesn't bother me that much, I decided to use the occasion to do a complete rebuild from the ground up this weekend - I only did the upgrade to see what it looked like (the whole system is already backed up).

        I haven't done that since 10.9 because I didn't have the time but it's good to sweep out the corners every so often (I haven't been as tidy on this machine as I should have been). In my Windows years that was more or less mandatory every 6 months to keep things moving at speed - I never had much luck with defragging registries :).

        What *does* bother me is the removal of the secure trash facility. It means I'll have to set up a Veracrypt archive to handle client files, I find FileVault too much of a pain to recover when it goes titsup.

        * Update: it doesn't exist in my country's App Store (not using the US or UK one, which means I get Terms & Conditions in a mix of languages :) ). I suspect they pulled that now the beta is finished. Oh well.

        1. Dan 55 Silver badge
          Facepalm

          Re: El Capitan upgrade nukes the recovery partition..

          Impact: The "Secure Empty Trash" feature may not securely delete files placed in the Trash

          Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the "Secure Empty Trash" option.

          https://support.apple.com/en-us/HT205267

          So Apple's response is fuck you if you've got a HDD.

          Try saving inside an encrypted disk image and deleting that when you've finished, unless they've removed that from Disk Utility too.

    2. Anonymous Coward
      Anonymous Coward

      Re: El Capitan upgrade nukes the recovery partition..

      … demonstrating that you can be a good author and a jerk at the same time.

      I had occasion to communicate directly with another author who works for the same site, and discovered that he too hates the auto-playing videos imposed upon him by his employer's policy. So don't (necessarily) blame the author.

      Because of its user-hostile design, that site is no longer on my list of RSS feeds, so thanks for the link to a page which I would not otherwise have seen.

    3. Dan 55 Silver badge

      Re: El Capitan upgrade nukes the recovery partition..

      It's there in the release version, but you have to use diskutil list from a terminal to see it. Disk Utility has had a Fisher Price makeover.

  3. Charlie Clark Silver badge

    App Store is broken for me

    For a couple of weeks now: can't install upgrades for anything that requires a login including XCode and any free or paid apps. :-(

    Spent about two hours on the phone with Apple Support last week including providing a system trace. No fix yet in sight.

    Still Safari was able to update: woot! I feel so empowered!

    As for El Capitan: it almost always pays to wait for the first patch release with anything Apple. And ITunes is like Apple's Internet Explorer: every new version of the OS seems to come with a worse version of it. Please Apple: learn from Microsoft's mistakes on this and stop trying to cram services into this overblown WebView toy.

    1. Anonymous Coward
      Anonymous Coward

      Re: App Store is broken for me

      And ITunes is like Apple's Internet Explorer: every new version of the OS seems to come with a worse version of it. Please Apple: learn from Microsoft's mistakes on this and stop trying to cram services into this overblown WebView toy.

      You'll love the new Safari then: they've taken away the one-switch ability in Preferences to put all plugins offline in one go, God knows why. It's a good thing I changed to FF a while back.

      1. Mike Bell

        Re: App Store is broken for me

        Ah, that old killer feature again. The world's going to stop spinning. Everyone loves a rational decision.

      2. Charlie Clark Silver badge

        Re: App Store is broken for me

        You'll love the new Safari then

        I'll never notice because I never use it. Just tried it and every time I tried to open a bookmark it asked me if I wanted to add the link to "sent links" and refused to open the site unless I do. It then fired up Thunderbird, which isn't my main mail client. What is going on?

        1. Dan 55 Silver badge

          Re: App Store is broken for me

          It sounds like there's a problem with RSS feeds. Would RCDefaultApp help?

  4. Anonymous Coward
    Anonymous Coward

    Just tried it and every time I tried to open a bookmark it asked me if I wanted to add the link to "sent links" and refused to open the site unless I do. It then fired up Thunderbird, which isn't my main mail client. What is going on?

    I'm not tech support, but it sounds to me that you have been fiddling with the dials a bit much and created some dud associations. I'd kill Safari, then rename ~/Library/Safari to something else and see what else blows up. But that would be my approach - you're welcome to just continue dissing Safari instead :)

    1. Charlie Clark Silver badge

      I'm not tech support, but it sounds to me that you have been fiddling with the dials a bit much and created some dud associations.

      Good job you aren't tech support as I haven't been "fiddling with any dials".

      Curiouser and curiouser: the bug only seems to affect bookmarks (all set by Apple) in the News folder.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like