[Vincent Ferrari]

http://www.appleinsider.com/article...ms_exploit.html

"Responding to a dangerous security exploit unveiled this week, Apple released an update to its iPhone operating system Thursday to patch the security hole. Firmware 3.0.1 is now available for the iPhone, iPhone 3G and iPhone 3GS through iTunes. The update is around 300MB. There is no indication that there are any new features or fixes other than the text message exploit patch. Earlier Friday, it was reported that Apple would release a fix for the exploit Saturday, but the iPhone maker beat that deadline Friday afternoon."

'Nuff said.  Go update.

Now!

[Vincent Ferrari]

http://www.appleinsider.com/article...ms_exploit.html

"Responding to a dangerous security exploit unveiled this week, Apple released an update to its iPhone operating system Thursday to patch the security hole. Firmware 3.0.1 is now available for the iPhone, iPhone 3G and iPhone 3GS through iTunes. The update is around 300MB. There is no indication that there are any new features or fixes other than the text message exploit patch. Earlier Friday, it was reported that Apple would release a fix for the exploit Saturday, but the iPhone maker beat that deadline Friday afternoon."

'Nuff said.  Go update.

Now!

[doogald]

This actually underscores a major problem that I think that Apple must fix - they are crappy when it comes to responding to security issues. As I understand this issue, this SMS security hole was reported to them months ago, and it took the announcement of a public unveiling at a conference this weekend for them to finally fix it. In fact, they updated iPhone OS to version 3.0 without fixing this problem. Apple doesn't seem to have the fire under their butts to get security issues fixed as a priority one issue. (They sure didn't waste as much time making sure that the Pre could not sync with iTunes, for example.)

However, that said, I believe that there is now a similar SMS exploit for Windows Mobile, and as a WM user I am about 99% certain that I'll never see a security patch for the thing from Microsoft, Motorola or Verizon, ever.

[griph]

Quote:

Originally Posted by doogald

This actually underscores a major problem that I think that Apple must fix - they are crappy when it comes to responding to security issues. As I understand this issue ...
However, that said, I believe that there is now a similar SMS exploit for Windows Mobile, and as a WM user I am about 99% certain that I'll never see a security patch for the thing from Microsoft, Motorola or Verizon, ever.

It seems a little unfair to call Apple crappy when it comes to responding to updates of any type - so far since buying my first iPhone in November 2008 I have had numerous updates - whereas in all the 10 years of owning multiple WM devices there was never any sort of managed upgrade or update service! MS's service is crappy - I have no complaint about apples' service at all.

The reported security flaw affects all WM, Apple and Android devices - Apple have launched their fix - you are right not to hold your breath for a response from MS because there won't be one! Now that IS crappy!

[Vincent Ferrari]

It is a problem for Apple that they took this long to fix it. But seeing as they've fixed it, I now ask BlackBerry owners, Windows Mobile owners, and all the other owners of all other GSM handsets (because they're also vulnerable at this point) when THEY will be doing an update.

Apple took a long time and deserves grief for it.

A long time, however, is better than never, or in the case of Windows Mobile being told to just buy a new device and maybe get the update.

[doogald]

Oh, tell me about it - I am a WM owner and, know that Microsoft was made known of a similar SMS exploit last Monday, I find it doubtful (based on past history) that I will ever see an update for my device from Microsoft, Motorola, or Verizon. I am sure that Microsoft will provide one, but their major problem remains that they cannot control what the handset makers and/or networks do with updates after they are provided, and that's terrible.

Apple, however, has an equally shaky history with security updates on OS X for computers, while Microsoft has become a company that does a very good job getting updates out far faster, and seem to put a higher priority on the updates. (And I think that Mozilla deserves particular kudos for the speed of updates to Firefox and Thunderbird.)

When you see the amount of network activity by iPhones since they were released - it seems far higher than their market share, IIRC - I do believe that Apple really must take these security reports far, far more seriously that they have shown with OS X, and that they did with this one. This one in particular is very pernicious - you cannot turn off SMS on the phone, and I understand that you cannot call AT&T to stop text messaging as a service when you have an iPhone. With this security issue you were only protected if you turned the thing off. At least on the desktop there are tools that you can run to clean the system, turnoff services/daemons, etc. - things that you cannot do on an iPhone.