The recent iOS 11 updates are a little patchy when it comes to security
Subject: General Tech | December 4, 2017 - 01:45 PM | Jeremy Hellstrom
Tagged: security, ios 11, apple
Two issues have arisen with the recent patches Apple released. The first issue is the possible return of the blank root password issue, as it seems if you install the security patch before upgrading your Mac from 10.13 to 10.13.1 you are once again vulnerable. Thankfully the fix described at The Inquirer is rather simple; reboot if you have recently upgraded and the patch will reinstall.
The second issue is a little more complex and harder to solve. The Register heard from a security researcher about an issue that the new iOS update creates, the ability to create a brand new encrypted phone backup without needing the password of the current backup. Previously once you created a backup of your phone on iTunes, you needed to enter the password you chose at that time in order to create a new one. With the new iOS that is no longer necessary, you can create a completely new one at any time, a problem if someone circumvents the devices PIN as that backup contains a huge amount of data about your phone as well as any and all software on it. As the backup can be stored remotely, this gives an attacker all the time in the world to peruse any accounts and passwords stored on your phone. It doesn't seem like this is something Apple plans to fix, either.
"Oleg Afonin, a security researcher for password-cracking forensic IT biz Elcomsoft, in a blog post on Wednesday called iOS 11 "a horror story" due to changes the fruit-themed firm made to its mobile operating system that stripped away a stack of layered defenses."
Here is some more Tech News from around the web:
- DRAM price surges 85.1 pct this year on restricted supply @ YonHap
- Citrix cracks Windows Store's monopoly on Windows 10 S apps @ The Register
- 10 Tips for Good Smartphone Photography @ Techspot
- Roku Ultra and Streaming Stick+ review: High-end streaming with low-end frills @ Ars Technica
- People Have Spent Over $1M Buying Virtual Cats on the Ethereum Blockchain @ Slashdot
- The 2017 Ars Technica gadget gift guide: Office and desk tech edition
- AVM FRITZ!Box 7590 AC2600 VDSL/ADSL Modem Router Review @ NikKTech
- Dell starts flogging biz laptops with Intel Management Engine disabled @ The Inquirer