Intego's "Year In Mac Security" Report

david.emery notes the release of Intego's "Year In Mac Security" report (PDF), adding: "Mac OS X and iPhones that haven't been jailbroken fare pretty well (although vulnerabilities exist, there's not been a lot of exploitation). Apple does come in for criticism for 'time to fix' known vulnerabilities. Jailbroken iPhones are a mess. The biggest risk to Macs are Trojan horses, often from pirated software."

'Pretty well' isn't good enough

Apple doesn't care enough about security.

WTF, people.

The ability to jailbreak is a security hole. Last I knew the techniques people use are remote code execution.

For example as I recall the 1st gen jailbreak was to get a specially crafted TIFF file that exploited a buffer overflow when a page was loaded in Safari. Stop and think about that for a minute. This is the kind of behavior you don't want to be possible. Yet in the reality distortion field, it's a great thing suddenly. Users are totally unconcerned about this.

I'm not sure if the exploit mechanism has changed since then, but... Personally, I stopped paying attention to iPhone when I witnessed that.

Re:With great freedom comes great resposibility

[iamhassi]

"The problem is that the Iphone is the only phone where "jailbreaking" is necessary to get basic functionality working"

Correct. Something as simple as deleting a call is not possible on the iPhone without jailbreaking, which is shocking because on every cellphone I've used in the past 10 yrs I've had the ability to delete a phone call from the call log and it's a feature iPhone owners have been asking for since 2007. If you want to remove a single call you have to delete the entire phone call log

Honestly I don't know how anyone can use their iPhone without jailbreaking it, unless they're not really using it as a smartphone so they're not installing applications, using data, etc.