Apple provides 197 security reasons to upgrade to iOS 6

Summary: Now that iOS 6 is available, Apple has revealed which security vulnerabilities existed in earlier versions and have been patched in its latest mobile OS.


There are now 197 new reasons for iPhone, iPod Touch, and iPad users to upgrade to iOS 6, with Apple closing the same number of vulnerabilities in its mobile operating system.

The company released its security bulletin for the new version of iOS today, revealing what security flaws have existed in previous versions.

Vulnerabilities include three different ways of completely bypassing iOS' passcode lock, and at least 10 different ways of running arbitrary code. The latter types of vulnerabilities are what enable users to jailbreak their devices.

Some of the vulnerabilities are quirks in iOS' design, such as what happens when an iPhone connects to a Wi-Fi network. In this case, iOS broadcasts the last networks it has accessed, even if the device is on an unencrypted Wi-Fi network that anyone can listen in on. Another example is that iOS trusts that the return address of a received text message is the sender, even though this information can be spoofed. As a result, text messages can be made to appear to come from anyone an attacker chooses.

Of the 197 vulnerabilities, 142 are related to WebKit. Apple only recently patched 163 vulnerabilities in its latest release of iTunes, and the majority of those were also related to WebKit. Just as Google found more bugs in WebKit than Apple's own team, Google is responsible for finding 52 of the vulnerabilities that were closed in iOS 6, while Apple found 24.

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

  • Ohhh

    That must be most of the 200 new "features" in iOS6. The other 3 were ripped from Android. lol
    • Aren't you clever?

      The answer to my question, by the way, is no. -_-
      Michael Alan Goff
    • Whatever

      Whatever. Clearly you must be bored. Go and do some work.
  • A reason to upgrade right?

    Your security sucks, Apple. And you won't even fix software in 2-year old devices.

    Sayonara, Apple. You won't see me coming back!
    • Huh?

      Apple's promised update period for iDevices has always ended on the second year of it being released.

      iPad gets the OS it is released with, then the iPhone one, then the next iPad one, then the next iPhone one, and then a final iPad one. Anything more is simply icing on the cake.
      Michael Alan Goff
      • Hang on

        So your considered response to Apple announcing nearly 200 unpatched security flaws is "They said it would be like this, you should buy a new device"?
        • No mobile devices are promised to get all updates

          I'm not saying it's great, but it's how it works. Some people bought an Android device last year and might get one update, at some point, maybe.

          It isn't great, but it's how it works.
          Michael Alan Goff
  • And yet the zero day used to pwn them still in ios6

    bad timing for their pr dept.
    Johnny Vegas
    • You're here, but missing from IE6/7/8/9 zero day

      article, why?
      • It's good of you to

        Highlight the IE vulnerability, because you've also neatly highlighted the difference in attitude between MS and Apple. MS will patch the flaw within a month, because it's the right thing to do for their users. Apple patched theirs many months, possibly even a year or more after, because it was the right thing to do for their marketing campaign.

        Oh, and stop dissembling - where someone chooses to post is of less importance than when a software provider chooses to release a patch.
        • IE 7 is only a month old?

          I thought it was from Vista, or about 5 years ago. Microsoft (and every other software vendor) knows their software is buggy. But since Microsoft perfected the method of ship it today, fix it later, Maybe, maybe not. That's like the flaws in Windows 8 that are also present in Windows 2000. The flaws were known, but Microsoft calculated the risk was manageable, so they shipped the product anyways.
          Troll Hunter J
          • You make NO sense.

            Windows 8 has little to no code from 2000 (I'd venture to say NO code but I can't say for sure). I don't know of any company that programs security holes in their apps on purpose. Most of those come to light once the application is in the wild. The key is how fast you can patch it. Microsoft has learned from the past that they need to jump on vulnerabilities as they are found. That's why you'll see them patch older software like IE7 if a new vulnerability is found. Good luck getting Apple to do that unless you buy new hardware and can upgrade to the latest software. This will bite them in the rear in the future then they will have to adopt a better patching process than what they have now.
  • Apple provides 197 security reasons to upgrade to iOS 6

    And those who have phones that can't run iOS 6 are left in the cold and vulnerable.
    Loverock Davidson-
    • Loverock, also can't get over the IE6/7/8/9 zero day

      He comes over to an Apple article.
      • And

        What of the actual issue of the unpatched vulnerabilities? Keeping them back as the reason to upgrade smacks of having nothing else to use to sell iOS6 or iPhone5.
    • That is probably why they are letting iOS 6 be installed on the 3GS....

      If you still have an iPhone 3, it is time to upgrade, preferably to a better OS!

      Don't know why they won't let iOS 6 be installed on the iPAD 1. Oh, I know why, because they want you to buy a new iPAD, even though the first iPAD is still perfectly fine. Glad I didn't buy one.
    • Phones that can't run iOS6

      A person with an iPhone 3g had likely gotten their money's worth by now.
      Michael Alan Goff
    • Like Android

      Sort of like Android that NEVER gets updated unless you buy a new phone. Glass houses dude.
      • Don't forget the Windows Mobile trolls.

        WM5 to WM6: New phone
        WM 6.3 to WM 6.5: New phone
        M6 to WM (WP) 7: New phone
        WM (WP) 7 to WP 8: New Phone
        See the pattern? If not you need to pull your head from Ballmer's sphincter, and get some air. The lack of oxygen is dangerous to brain cells.
        Troll Hunter J