iPhone security too loose

The man who uncovered the security hole that led to Apple’s recent software update of the iPhone has criticized Apple‘s general platform security for the new cellphone as being largely poor, and their attitude “negligent”.

Charles Miller spoke at the Black Hat security conference in Las Vegas the other day and slammed Apple’s security practices. Quoted in a ChannelWeb report, Miller said:

Before they released the patch, I couldn’t really say that much because I didn’t want to give anyone enough to replicate the exploit. It was really frustrating, because a lot of people leapt to Apple’s defense without really knowing the details. Everyone said, ‘Oh, everyone gets bugs,’ and ‘Apple’s good on security,’ and ‘They’re better than Microsoft.’ When you look at the details of this bug, though, the reality is that Apple’s been negligent, I think.”

The criticism extends to the Macintosh as well, and Miller says that the problem stems from Apple’s inclusion of sections of older, outdated, less secure open source code in the newer OS X platform, leaving pre-existing vulnerabilities for hackers to take advantage of.

More on the issue from MacNN.

Advertisements