iPhone Vulnerable - Lacks Security Updates, Doesn't Want to Talk About it ...
Robert Vamosi reports on his news.com site that Apple has not kept the iPhone operating system up to date with patches it has issued for the desktop. The iPhone runs a stripped-down version of Mac OS 10.5 and automatically checks for security updates. The last update for the phone, 1.1.4, was issued in February. That means iPhone users are still vulnerable to a flaw discovered by Charlie Miller in March - that's 4 months ago for those of you who are counting. I guess the most telling piece of information from Vamosi, apart from the fact that Apple hasn't updated this greatest and most innovative piece of hardware the world has ever seen (sic), is his last sentence ...
>> "Apple does not respond to requests for comment on its software security policies ..."
How nice must this be ? When did the rules change ? I didn't know this was an option ! Don't even talk to me about "enterprise ready" and Apple. I want the same set of rules applied to them that everyone else, including Microsoft, has to play by. How many times has Windows Mobile had to jump through every security hoop in the universe to justify a proof-of-concept inside a particular company, but the iPhone/iMac/i-whatever can just glide in on pure marketing and never have to prove a thing. Microsoft has a completely transparent message about our security processes and communicates them regularly to our customers and the press as part of our "Trustworthy Computing" initiative ... on the other hand you have Apple, which "does not respond to requests for comment on its software security policies". Makes me think that they don't have any "software security policies" other than to just patch stuff whenever they get around to it.
Why doesn't the "professional IT media" begin holding their feet to the fire on this stuff a little more ? Why the continued pass ??
