Former Apple employee criticizes Apple for leaving iOS users exposed to known serious vulnerabilities for several weeks
On April 22, 2014, Apple released the latest iOS update, "iOS 7.1.1", and an OS X security update. Although the updates contain patches for multiple serious vulnerabilities, including SSL issues, a former member of Apple's security team says that "Apple has left severe vulnerabilities for several weeks," and is warning about the danger this poses for Apple products.
Security Update 2014-002 (Mavericks)
Apple + Patching = You're Doing It Wrong :( | Kristin Paget's Blog
Kristin Paget, a white hat (a well-intentioned hacker) who says "I have worked for a year on Apple's security team," focused on 16 WebKit-related vulnerabilities among those fixed in the iOS 7.1.1 security update released on April 22.
Compare these with the vulnerabilities fixed in the desktop versions Safari 6.1.3 and Safari 7.0.3, released three weeks earlier. The two lists have many entries in common, such as "CVE-2013-2871", "CVE-2014-1298" and "CVE-2014-1299", which shows that after the vulnerabilities were fixed in Safari, they were left unpatched on iOS for three weeks.
Among the vulnerabilities were some that would give a black hat (a malicious hacker) the ability to execute malicious code on an iPhone or iPad without the user noticing. Paget pointed out that fixing the desktop version first and delaying the release of the patches for iOS in this way gives attackers time to reverse engineer the fix, and a great opportunity to develop tools to attack products for which the patch has not yet been released. She is sharply critical, asking "No joke, what exactly is Apple doing?" and "Why is such a business accepted all over the world?"
Apple's two platforms, iOS and OS X, have features that can be synchronized through iCloud. Because the release schedule means that a patch can be released for one platform while the same vulnerability is left unfixed on the other, Paget said, "I will not synchronize OS X and iOS products on the day of the update release. Today, when a fix patch is announced, you should compare the security update pages and cross-check them."
in Software, Posted by darkhorse_log