The recent iOS 11 updates are a little patchy when it comes to security

Subject: General Tech | December 4, 2017 - 01:45 PM |
Tagged: security, ios 11, apple

Two issues have arisen with the recent patches Apple released.  The first issue is the possible return of the blank root password issue, as it seems if you install the security patch before upgrading your Mac from 10.13 to 10.13.1 you are once again vulnerable.  Thankfully the fix described at The Inquirer is rather simple; reboot if you have recently upgraded and the patch will reinstall.

The second issue is a little more complex and harder to solve.  The Register heard from a security researcher about an issue that the new iOS update creates, the ability to create a brand new encrypted phone backup without needing the password of the current backup.  Previously once you created a backup of your phone on iTunes, you needed to enter the password you chose at that time in order to create a new one.  With the new iOS that is no longer necessary, you can create a completely new one at any time, a problem if someone circumvents the devices PIN as that backup contains a huge amount of data about your phone as well as any and all software on it.  As the backup can be stored remotely, this gives an attacker all the time in the world to peruse any accounts and passwords stored on your phone.  It doesn't seem like this is something Apple plans to fix, either.

View Full Size

"Oleg Afonin, a security researcher for password-cracking forensic IT biz Elcomsoft, in a blog post on Wednesday called iOS 11 "a horror story" due to changes the fruit-themed firm made to its mobile operating system that stripped away a stack of layered defenses."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Register

December 4, 2017 | 04:13 PM - Posted by ItsTheTLAsBigSlurp (not verified)

"As the backup can be stored remotely, this gives an attacker all the time in the world to peruse any accounts and passwords stored on your phone. It doesn't seem like this is something Apple plans to fix, either."

And three letter agencies the chance to quantum crack the encription on that stored/encripted cloud backup! The Cloud can hide a lot of that state snooping going on against your personal data and there is nothing stopping the state from copying everyones' stored/encripted backups just in case they need someting on anyone, no legal checks and balances needed! It's one big slurp-a-palooza as the TLA's digital storage facilities fill as they vacuum up that cloud of everyones'/everything all in the background, no need to have physical access to any device!

December 4, 2017 | 06:35 PM - Posted by quest4glory

I guess I'll stop taking pics of my junk.

December 5, 2017 | 12:30 AM - Posted by mehaw (not verified)

In a worst case scenario, an error while your phone or tablet is updating to iOS 11 could effectively brick it, meaning it won’t start up. Fewer things more frightening can happen to a device packed with photos and videos and memories. But, if you’ve been listening carefully, you’ve already made a backup of your phone. You should be able to use this to restore your phone to its state before you tried installing the update, or whichever start it was in when you created the backup.

December 5, 2017 | 08:44 AM - Posted by Lemonsquare

The first paragraph does not make sense - you're referring to a macOS issue, not an iOS one.

December 5, 2017 | 02:05 PM - Posted by Jeremy Hellstrom

Better?

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.