Linked by Thom Holwerda on Mon 1st Apr 2013 12:25 UTC
Apple "Last Friday, The Verge revealed the existence of a dead-simple URL-based hack that allowed anyone to reset your Apple ID password with just your email address and date of birth. Apple quickly shut down the site and closed the security hole before bringing it back online. The conventional wisdom is that this was a run-of-the-mill software security issue. [...] It isn't. It's a troubling symptom that suggests Apple's self-admittedly bumpy transition from a maker of beautiful devices to a fully-fledged cloud services provider still isn't going smoothly. Meanwhile, your Apple ID password has come a long way from the short string of characters you tap to update apps on your iPhone. It now offers access to Apple's entire ecosystem of devices, stores, software, and services."
RE[3]: it happens to everyone
by Alfman on Tue 2nd Apr 2013 00:21 UTC in reply to "RE[2]: it happens to everyone"
Alfman, member since 2011-01-28

Tony Swash,

Do you have evidence at all that iOS as an operating system is technically more secure than any of the other mobile platforms, or are you claiming things merely because they fit within your world view? It's a serious question. Please provide a source with real details explaining exactly how the iOS operating system is more secure without any of the usual Apple fanboy spin-doctored BS.


As for the walled garden, the iPhone store moderators are notorious for scrutinizing applications based on morality and banned functionality, but what indication do you have that applications get any attention from a qualified security expert?

It's not like vulnerable iPhone applications are unfounded or rare. I'm citing a few examples here, but known iOS app vulnerabilities are not rare. These aren't Apple's own vulnerabilities, but it does show that Apple's guardians are not doing a great job of vetting app security in the Apple store. It would seem Apple isn't as good at security as independent security auditors.

http://seclists.org/fulldisclosure/2013/Feb/91
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2012-10/msg0...
http://packetstormsecurity.com/files/120397/VL-864.txt
http://seclists.org/fulldisclosure/2013/Mar/8
http://www.exploit-db.com/exploits/24484/
http://cxsecurity.com/issue/WLB-2013020090

Apple's own iOS software has had its own history of serious vulnerabilities as well. Some of these flaws are actually what permit us to jailbreak the iPhone(s) in the first place.

http://browsers.about.com/b/2007/08/02/iphone-update-fixes-serious-...
http://blogs.mcafee.com/mcafee-labs/iphone-dos-vulnerability
http://securitywatch.pcmag.com/apple/283835-iphone-ipad-jailbreak-w...
http://www.pcworld.com/article/169436/Black_Hat_Reveals_iPhone_SMS_...
http://www.computerweekly.com/news/1280090073/Apple-races-to-fix-iP...
http://theiphonewiki.com/wiki/AT+XAPP_Vulnerability


I'm not a security researcher myself, so I cannot say how iOS stacks up to Android or anything. But the OP was onto something when he said it happens to everyone.

Score: 6