Security personnel strongly suspect that iOS/OS X has not synchronized Security Vulnerability fixes

Source: Internet
Author: User
Tags ssl connection

Kristin Paget, a well-known computer security researcher, published an article on the official blog today, criticizing apple for fixing a large number of security vulnerabilities in OS X and failing to release similar security fixes for iOS in time. The iOS security vulnerability is fixed after several weeks. Paget previously worked in Apple's security team and left the company to join Tesla earlier this year.


The official version of iOS 7.1.1 was released yesterday and Fixed Multiple WebKit-related vulnerabilities. These vulnerabilities have been fixed in Safari 7.0.3 released in April 1. Paget believes that the vulnerability fix interval between iOS and OS X systems is too long, which will remind hackers to break through Apple's mobile operating system by exploiting severe vulnerabilities. On the blog, Paget asked Apple: "Apple, do you do this? After fixing vulnerabilities on a product platform, does it take weeks to fix the same security vulnerabilities on another product platform? Are you not aware of this? Apple's iOS and OS X systems use the same kernel to fix only the security vulnerabilities on one platform, which can cause very dangerous user groups on the other platform ."


Apart from the fact that the WebKit security vulnerability has not been synchronized, Apple recently released the OS X update Patch several days after fixing the iOS Bug. On September 6, February this year, Apple released iOS 7.0.6, which fixed the SSL connection verification security vulnerability. Hackers can exploit this vulnerability to intercept secure communication and obtain sensitive information. Apple released iOS 7.0.6 on a Friday, but it waited until the next Tuesday to launch a system patch for OS x, that is, OS X 10.9.2.

This article permanently updates the link address:

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.