Slashdot Mirror

← Back to Stories (view on slashdot.org)

iPad Left Vulnerable After Record iPhone Patch Job

Posted by kdawson on from the only-three-million-who-would-bother dept.

CWmike writes "With Monday's iOS 4 upgrade, Apple patched a record 65 vulnerabilities in the iPhone, more than half of them critical. However, the first-generation iPhone and iPod Touch, as well as the much newer iPad, may have been left vulnerable to some or all of the 65 bugs. iOS 4 cannot be installed on 2007's iPhone and iPod Touch, and the upgrade is not slated to reach iPad owners until this fall. The bug count is a record for the iPhone, surpassing the previous high mark of 46 vulnerabilities patched last summer with iPhone OS 3.0. Formerly known as iPhone OS 4, iOS 4 included 35 bugs, or 54% of the total, that were tagged with the phrase 'arbitrary code execution.' It's unclear how many, if any, of the vulnerabilities affect Apple's iPad. The media tablet runs an interim version of the operating system, dubbed iPhone 3.2, that followed the February iPhone 3.1.3 security update. It's possible that some of the bugs patched Monday were fixed by Apple before it launched the iPad in early April. But according to the Common Vulnerabilities & Exposures database, it's likely that many of the flaws fixed on Monday still exist in 3.2."

3 of 145 comments (clear)

  1. Re:They're no bugs in Apple products! by Monkeedude1212 · · Score: 0, Flamebait

    I know! How can they talk about how Apple Products don't suffer from viruses or other Malware when they are patching record numbers!

    The only time I saw more than 65 windows updates in a single download is an XP that was still on Service Pack 2.

  2. Fairly certain the bugs not in Verizon iPad by WillAffleckUW · · Score: 0, Flamebait

    If you have the pre-beta Verizon iPad, the one that is coming out in January 2011 and was shown at E3, you shouldn't have all these vulnerabilities.

    The problems so far are only showing up on the AT&T iPad.

    --
    -- Tigger warning: This post may contain tiggers! --
  3. Re:Webkit is the rendering engine by Alien1024 · · Score: 0, Flamebait

    That may be the case, but I wouldn't bet on it. The rendering engine is the same, but everything else is different - Android is based on Linux, iPhoneOS is based on Darwin. Different platforms, different architectures, different builds.

    Following that reasoning the bugs should also be in Chrome and Safari on Linux, MacOS, Windows...

    Webkit is the rendering engine. If the bugs are in Webkit, then they are in all the products that use Webkit.

    And indeed they were in Safari, which was patched earlier this month.

    I notice my Chrome install got updated around the same time too. But are they the same bugs this article refers to?

    If they are, I wonder why this isn't making headlines on Android's vulnerability -- my Android browser didn't get an update since I bought it months ago with 1.6, and AFAIK the only official way to update Webkit on Android is to upgrade it to a newer Android version when it gets released for your phone.