Apple releases iOS 9.3, with fix for a big iMessage security flaw


#1

[Read the post]


#2

A new feature, dubbed Night Shift, adjusts the device’s light exposure based on the time of day. Using your iPhone or iPad’s clock and geolocation, the light shifts towards a warmer end of the spectrum, making it easier for the user’s eyes to adjust for sleep.

Very pleased for myself and my darling Wife that likes to read herself to sleep nightly.


#3

I tried f.lux for a while on my desktop but eventually turned it off, it was too much of a pain in the ass. It might go better with a smartphone depending on usage patterns or when reading text, I don’t know. f.lux for me was basically the same as the new year’s gym membership or the car cover that I bought and used six times max: good on paper, less so in practice.


#4

Sadly, f.lux for Android is in beta and requires root (fine for me, not fine for many). The alternatives in Android also are not as effective. My daily driver is Cyanogenmod 12.1, which has Night Mode, but sadly (to my knowledge at least), it’s not automatic based on sunrise/sunset, like f.lux and this alleged iOS addition. I recall reading about code for it being in Android 6.0 Marshmallow, but I don’t know if it was implemented, plus how many people beyond Nexus users have Marshmallow yet. le sigh.

Good show Apple, you win this round.


#5

Not quite. On the eve of the hearing, the FBI has found a way to unlock the iPhone.


#6

Good thing it’s an iPhone 5c and not a tablet, otherwise the FBI would be breaking the DMCA. Right guiz, right. Sounds like an interested 3rd party came in to lend the Feds a hand, which makes me wonder who it was that sold out.

In regards to the topic at hand, however, namely the adjustment of a mobile device’s display color temperature to reduce eye strain and sleep cycle disruption, I believe Apple successfully implemented a solution readily available to the unwashed masses more quickly than the folks running the Google machine, much to my chagrin.


#7

I expect Xeni will post on this soon, but I wanted to spread the word – US Magistrate Judge Sheri Pym has cancelled Tuesday’s hearing on Apple’s response to the All Writs Act-based order for Apple’s assistance in accessing Syed Farook’s work iPhone. She has also tentatively stayed that order.

And, oh yeah – she did so at the request of the FBI. (Apparently the FBI has found another option.) (Uh-huh.)

So, at least for now…


#8

or all our iPhones are now insecure (depends what the method that has been brought to them works on)


#9

Maybe. Or this might just be a delaying tactic, if the FBI and friends figured they were going to lose at Tuesday’s hearing. (Weeks/months/next administration from now, they can claim that the alt method didn’t pan out and they once again need to compel Apple’s assistance.)

Or maybe you’re right, and the alt method is effective. Today’s action by Pym still has the effect of putting this Son-of-Clipper-Chip struggle on ice for a while.

Or maybe ::shudder:: it’s worse than any of that… If Apple’s signing cert secrecy has been breached, p’bly everybody’s has.


#10

Interesting, how the FBI decided to announce they may have broken Apple’s security on the same day of Apple’s big launch and announcement of new security measures and upgrades. The FBI may not have broken the phone, but they found a way to fuck up Apple’s brand, their launch, their press coverage, and their stock price.


#11

Is the Android app Twilight significantly worse than f.lux? Goes by the clock, set-and-forget; just have to remember to “pause” it when installing apps because Android no like screen overlays when it’s asking the user’s permission.


#12

I absolutely completely cannot use a phone or computer at night without Flux or equivalent. Makes me tense up.

And on a sidenote, I’m not sure many kudos are in order for Apple, who’s been very actively preventing their users from using this incredibly useful bit of technology for years. If anything they get a big middle finger from me for making jailbreaking so increasingly difficult. And there’s lots of other tweaks like Flux that I like just as much (ability to hold the Home button long to turn on/off the flashlight and triple press to activate the camera, openSSH and iFile, ability to extend the sudo period after Touch ID, and much etc), which so far has kept me on iOS 8.4, since they’ve blocked jailbreaking on later OS’s.

F-U Apple!

At least they’re smart enough to steal innovations from the jailbreak community, like Control Center and now Flux.

I know I should just jump ship to Android, but I like my iPhone, I just hate so many things about Apple’s walled garden approach.


#13

You realize that jailbreaks require fundamental security flaws and exploits? Have you been following the FBI story even a little bit? The same flaws that let you install some random-ass string of code will let anyone else do it too. Remember the untethered jailbreak a few years ago that you launched from a browser in mobile safari? It was super convenient and easy and that should scare the shit out of you.

Even if you are more modestly suggesting that people should be able to install unsigned apps, look at the Hong Kong protestors (many of whom somehow ended up running a version of a popular chat app that was engineered by the government to have a backdoor built in for spying).

Edited to add: in fact I cannot think of any secure digital environment that isn’t also simultaneously a “walled garden”. From corporate intranet (ever work at a company that doesn’t give you local admin on your workstation?), to the president’s BlackBerry, to iOS 9.3, it should be obvious that security requires certain sacrifices.


#14

This.
The increasing difficulty of jailbreaking iOS is, for now, a good sign with security.

The other problem is that people want (demand?) that their phone just work all the time, with no hiccups. There is zero tolerance (from the general public) for a phone acting oddly. So: Apple, in order to try to provide that experience (and gain/hold customers) has decided to use a walled garden. It is the price for things working like this.
And Android? Yeah, no thanks. I might not have the freedom to install any bit of code I’d like, but I also don’t have to worry every time I install something that it’ll steal all my data and track everything I do. That’s a cost I’m currently ok with paying.


#15

I’ve been thinking about why I am willing to put up with these things on the PC side of the fence. One, my desktop computer lives under lock and key inside my house. Two, my computer has extra resources to run things like antivirus scans.

One of the things that I feel Apple did correctly when they released the iPhone was establishing a separate and unique operating system for a separate and unique operating environment.


#16

Actually you’ve needed to authenticate to install any jailbreak for quite some time, assuming you have “find my iPhone” turned on. It’s far from possible to execute “some random ass string of code” without the owner’s permission.

And your comment about the Hong Kong protesters has nothing at all to do with jailbreaking. Furthermore there have been exploits even in Apple’s App Store (XcodeGhost).

That’s just laughably absurd. FreeBSD, Mac OS, Ubuntu, the list goes on and on. That’s not to say that it’s impossible to install malware in those environments, but it sure won’t happen without the user doing it themselves.

Your implicit argument that the only secured environments are ones where the user simply has no choice in the matter is a dangerous one and is leading to a world of greatly diminished choices in computing. We see the same fud invoked about kiddie porn on the internet every now and again. Think of the children! We need to censor the internet, for the kids!

I think we don’t. And with clearly marked exits from the walled gardens of the world, those advanced users can continue to make choices about their devices. They’ve been doing it for years and the world hasn’t ended yet.


#17

You just proved my point. Anyone with super user permissions can do any number of things to compromise security on a system. That’s why things like permissions exist, and that’s why IT departments have things like security policies and procedures. Remember that CA hospital that had their drives maliciously encrypted by ransomware?

A perfectly secure environment requires users with perfect information about the code they are executing (or even think they are executing… don’t forget about code that people are tricked into executing through social engineering and misrepresentation).


#18

I guess this is where we differ. If I understand you correctly, you hold that “perfect security” trumps all, even at the expense of a drastic reduction in functionality. I disagree with you there, and am willing to take some responsibility for the security of my device. Especially since the number of times the security of any iOS device has been breached is infinitesimally small. In fact the number of exploits that have ever existed for jailbroken iPhones is similar to the number that have made their way into the App Store.

Furthermore even if I decide to take some responsibility for the security of my device and jailbreak it, it doesn’t affect anyone else in the slightest. Which leads us to:

This isn’t a good analogy since even if one phone is compromised it wouldn’t affect the others on the network. Or maybe you have a counter example? Without one you’re just being alarmist.

Personally I think the reason Apple is so concerned with jailbreaking is simply that they want to force people to buy apps from their store. I know at the moment they’re getting kudos for being security conscious, but consider this: before iOS 9 Apple built in a laughably stupid way to disable the lockout period after entering a wrong passcode. Here’s the sequence that does it, built in by good ol Apple (copied from here):

  • Access the Emergency Dialing Interface and dial 112
  • Press home button to get back to interface “slide to unlock”
  • Press the bottom of the keyboard
  • Slide the screen up to get to the calculator
  • Then there appear a green stripe on top of the screen, which will show “the line is busy now”
  • Press the green stripe indicate to get back to the calling interface. In the middle of the screen there is the address book
  • Press the home key and address book simultaneously to access to infinite unlocked situation

Bam, no more security, and you can enter as many passcodes as you want without any lockout period. Does that sound like a company that’s super concerned with “perfect security”? It sure doesn’t to me. I know they’re getting kudos for being security conscious now, and they deserve it for their heroic stance, but like everything Apple does it’s mostly just marketing.

