The recent iOS 11 updates are a little patchy when it comes to security

Subject: General Tech | December 4, 2017 - 01:45 PM |
Tagged: security, ios 11, apple

Two issues have arisen with the recent patches Apple released.  The first issue is the possible return of the blank root password issue, as it seems if you install the security patch before upgrading your Mac from 10.13 to 10.13.1 you are once again vulnerable.  Thankfully the fix described at The Inquirer is rather simple; reboot if you have recently upgraded and the patch will reinstall.

The second issue is a little more complex and harder to solve.  The Register heard from a security researcher about an issue that the new iOS update creates, the ability to create a brand new encrypted phone backup without needing the password of the current backup.  Previously once you created a backup of your phone on iTunes, you needed to enter the password you chose at that time in order to create a new one.  With the new iOS that is no longer necessary, you can create a completely new one at any time, a problem if someone circumvents the devices PIN as that backup contains a huge amount of data about your phone as well as any and all software on it.  As the backup can be stored remotely, this gives an attacker all the time in the world to peruse any accounts and passwords stored on your phone.  It doesn't seem like this is something Apple plans to fix, either.

Encrypt-iPhone-backup-copy.png

"Oleg Afonin, a security researcher for password-cracking forensic IT biz Elcomsoft, in a blog post on Wednesday called iOS 11 "a horror story" due to changes the fruit-themed firm made to its mobile operating system that stripped away a stack of layered defenses."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Register