We Now Have Proof That Apple Has Completely Lost The Plot When It Comes To Security

You might recall that I’ve been covering a rather nasty exploit in iOS Mail that has been exploited in the wild. Now this and one other security issue were promised to be fixed by Apple a couple of weeks ago. But that didn’t happen. Though the other security issue that I mentioned was confirmed to be fixed in a beta of iOS 13.5, there was no news about this more serious issue with iOS Mail being fixed.

That changed over the weekend when ZecOps, the people who disclosed this bug and how dangerous it was, posted this, which notes this little tidbit:

MailDemon appears to be even more ancient than we initially thought. There is a trigger for this vulnerability, in the wild, 10 years ago, on iPhone 2g, iOS 3.1.3

All together now…. OMG!

This takes a situation where Apple has dropped the ball and makes it an absolute #EpicFail. I say that because if a bug is beyond critical in nature and has existed since February 3rd, 2010, which is the date that iOS 3.1.3 was released, you’d think that Apple would fix it ASAP. But clearly Apple doesn’t see things that way. And now that ZecOps has gone into detail about how this exploit works, you can be sure that an already dangerous exploit has just gone nuclear because every miscreant will be trying to take advantage of this.

Now the good news. Sort of. ZecOps has confirmed that a fix was in the beta that was iOS 13.4.5, which has since become the beta for iOS 13.5. Which means that someday Apple will release a fix for this. But what if you don’t run iOS 13 because you are on an iPhone 6 or older? Will Apple release a fix for this exploit for iOS 12 seeing as Apple has done that in the past? Or will Apple just give the middle finger to those users? We’ll have to see.

It really highlights how much Apple has screwed this up in epic fashion. Not fixing an exploit that has existed for this long and is clearly not trivial shows that Apple absolutely doesn’t take the security of its user base seriously. And everything that Apple says about security is just talking points that sound good, but don’t actually mean anything. I have to say, it’s stuff like this that makes it increasingly difficult for me to want to spend Apple money on Apple hardware and services going forward. And I am sure that once this news gets out, many other people will feel the same way.


