Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

"We came. We saw. We kicked its ass." -- Bill Murray, _Ghostbusters_


computers / comp.sys.mac.system / Re: Why Apple should provide standalone updates for native iOS apps

SubjectAuthor
o Re: Why Apple should provide standalone updates for native iOS appsAndy Burnelli

1
Re: Why Apple should provide standalone updates for native iOS apps

<ssuodr$h0e$1@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=13678&group=comp.sys.mac.system#13678

 copy link   Newsgroups: misc.phone.mobile.iphone comp.sys.mac.system
Path: i2pn2.org!i2pn.org!aioe.org!n4f+oovcZiSGm3Yl2G/OEA.user.46.165.242.75.POSTED!not-for-mail
From: spa...@nospam.com (Andy Burnelli)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system
Subject: Re: Why Apple should provide standalone updates for native iOS apps
Date: Thu, 27 Jan 2022 18:31:24 -0000 (UTC)
Organization: Aioe.org NNTP Server
Message-ID: <ssuodr$h0e$1@gioia.aioe.org>
References: <ssne97$l0al$1@paganini.bofh.team> <ssnr9i$ck5$1@dont-email.me> <ssobtd$pih$1@dont-email.me>
Injection-Info: gioia.aioe.org; logging-data="17422"; posting-host="n4f+oovcZiSGm3Yl2G/OEA.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
X-Notice: Filtered by postfilter v. 0.9.2
 by: Andy Burnelli - Thu, 27 Jan 2022 18:31 UTC

This post made just now to the newsgroups shows factual reasons
_why_ Apple should provide standalone updates for native iOS apps

If Chrome had the serious bug, it would be fixed wholly outside the OS.
But in this case, it's Safari that had the bug - which is shipped in the OS.

What happened was Apple had the fix, but Apple couldn't _ship_ that fix.
If this were _any_ other operating system, the fix would already be there.

The point is that Apple's primitive monolithic OS-release mechanism actually
makes users far more vulnerable than if Apple used a modern release method.

.... ... ... ... ... ... ... ... ... ... ... ... ... ... ...
On 27 Jan 2022 16:24:53 GMT, Jolly Roger wrote:

> these vulnerabilities
> have already been patched

Why are the iKooks so _desperate_ to minimize clearly very serious problems?
*Safari isn't protecting the web, it's killing it*
<https://httptoolkit.tech/blog/safari-is-killing-the-web/>

Fact 1: Apple QA (as usual) completely failed to find these flaws
Fact 2: Apple was told long ago about these flaws (as usual)
Fact 3: Experts all seem to say these are very _serious_ flaws indeed
Fact 4: Yet, apparently, Apple _still_ had no plans to fix the flaws
Fact 5: Exasperated, the researchers finally _published_ the flaws
Fact 6: As a direct result of that move, the flaws were actively exploited
Fact 7: Apple finally decided to fix the flaws when the shit hit the fan
Fact 8: But... *Apple couldn't _ship_ the Safari fix for days*
Fact 9: Because Apple had to wait for the rest of iOS 15.3 to catch up

ASSESSMENT:
Not only did Apple _not_ find the bugs, but the bugs were _serious_ indeed!
*Safari 15 may have a serious security flaw & there's _no patch in sight_*

<https://www.techradar.com/news/safari-15-may-have-a-serious-security-flaw-no-patch-in-sight>

ASSESSMENT:
Worse, Apple had no plans to _fix_ this serious flaw, which is _why_ the
researchers were forced to publish the flaw (to "prod" Apple into action).
*Disclosure of WebKit flaw _prodded_ Apple to undertake repairs*
<https://www.theregister.com/2022/01/21/apple_safari_webkit_indexeddb/>

ASSESSMENT:
The funny thing is that Apple actually had a fix; but they couldn't release
that fix because of Apple's primitive monolithic os-release clusterfuck.
*It's time to make Safari update schedule like Chrome and Firefox*

<https://www.reddit.com/r/apple/comments/rmrm51/apple_safari_engineers_of_reddit_its_time_to_make/>
--
Nobody in high tech has higher MARKETING nor lower R&D costs than Apple.

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor