Hurry up and update!Apple exposes security vulnerabilities

Author:Technology fox Time:2022.08.22

Recently, the fruit has been brushed to the iPhone 14 series from time to time.

However, people are not as good as day. On August 20, CCTV Finance Channel quoted the Associated Press that Apple released two security reports on Wednesday local time.

The report revealed that there are serious security vulnerabilities such as iPhone, iPad, and IMAC.

It is understood that the effect of the loophole this time is very large, including the iPhone 6s and later models;

Five generations and later iPads, all iPad Pro and iPad Air 2;

All MacOS MONTEREY Mac.

Not only that, this vulnerability also affects some iPods.

These vulnerabilities may allow potential attackers to invade user equipment, obtain management authority, and even fully control the equipment and run the application software.

Fortunately, this incident did not have a significant impact. Apple has found the method of repairing this vulnerability, and called on users to install the latest patch to repair the vulnerability of the product.

It is reported that on August 17 and 18, Apple released multiple security updates.

Including iOS 15.6.1, iPados 15.6.1, Macos Monterey 12.5.1, WatchOS 8.7.1 and Safari browser 15.6.1.

There are fox friends who have received the update notification, it is recommended to update.

Product vulnerabilities are as good as home

This kind of security vulnerability problem is not only apple, but the products of Qualcomm, AMD, and Intel have actually had security vulnerabilities, and most of them were repaired quickly.

Sometimes it affects performance, sometimes not.

In 2021, a security researcher at the research institution Check Point said that there is vulnerabilities in Qualcomm's 5G modem data services. Hackers can access users' communication through this vulnerability and even eavesdrop.

In 2020 alone, CHECK POINT found more than 400 security vulnerabilities in Qualcomm Snapdragon Digital Signal Merchants.

Not surprising, no surprise, what level of 400 vulnerabilities?

That is, researchers can find a vulnerability on Qualcomm Snapdragon Digital Signal Processor.

Therefore, it is no wonder that the products of the technology company have a loophole, and it depends on who can clean up the tail.

Sometimes, because the loopholes are broken, the manufacturers are even too lazy to send patch. After all, the user's private computer is not in the hacker's laboratory.

For example, in June this year, the security personnel of the research institutions discovered a loophole in Intel and AMD processors.

The dynamic voltage frequency zoom (DVFS) function is generally used to reduce the power consumption of the processor. Using it plus the active monitoring server response time, the encryption data of users can be stealed by power consumption.

The security personnel of the research institution used this vulnerability to extract all the key in the CloudFlare encryption library CirCl and Microsoft PQCrypto-Sidh in 36 hours and 89 hours.

The frequency frequency function of the disabled processor can alleviate the problems brought by this vulnerability, but this has a serious impact on the use of users.

Not to mention that Intel and AMD did not patch, even if they were patch, the fruit was not used. For fruits, how can privacy security be important.

The reason for the existence of vulnerabilities

No matter how fast these technology giants repair the loopholes is just to make up for the dead sheep. For vulnerabilities, the best way will always be completely resolved before the distribution, and prevent problems before it occurs.

This reason, Fox Friends understand the fruit and understand the technology company, but the loopholes are still common.

On the one hand, technology companies will leave themselves a "back door" to facilitate subsequent response to emergencies.

For the simplest example, mobile phone manufacturers can heat the performance scheduling strategy of user mobile phone processors at any time.

According to the manufacturer, this is "optimizing the user experience", but it does not describe the patch content in detail in the update instructions, allowing users to choose.

Obviously, this is not only "optimizing the user experience", but also to reduce its after -sales cost in disguise.

On the other hand, in the process of product maintenance, the changes of staff are unavoidable, the environmental environment is constantly changing, and the possibility of vulnerabilities has continued to increase.

This is not to help technology companies, but to change the programmers easy to make bugs.

Suppose that a program was originally developed by a ten -person team. A few years later, the original developers all jumped off, and they were not maintained by the former developers. It is difficult for them to fully understand and know each line code.

In addition, the continuous output of new technologies will destroy the old rules. One thing is safe and loopholes when it is released, but after a few years, new technologies may attack the rules of security.

For a more easy -to -understand example, there was no defense for three seconds before O'Neal played the NBA. The center was just under the basket.

Later, the league discovered that O'Neill was too powerful under this rule, so he added the rules of defense for three seconds to prevent him from keeping in the basket.

This principle is the same in the technology circle, and developers cannot expect what will happen in the future. Who is the safer Apple Android?

There are a lot of privacy on our mobile phones, and its security issues are increasingly concerned. Although the vulnerability cannot be avoided, we have the right to choose as a consumer.

Before Apple's two security reports were disclosed, many users felt that Apple mobile phones were safer than Android phones.

Not long ago, the information security service company Beyond IDENTY conducted a survey, and nearly 49% of Android users used iPhone because of security and privacy issues.

At the same time, the results of this survey show that iPhone users are more concerned about information related to mobile phone location tracking.

It is just that after the news is disclosed, it will be reversed because the privacy security chooses Apple users. Coupled with the recent rumors of increasing advertising in Apple, it seems to be on the Android and start to put a bad rhythm.

However, in terms of the current status quo, Apple's privacy security is better than Android.

The first is that the Apple operating system is not open source, and this is greatly improved by the system.

Secondly, Apple can uniformly manage and restrict application developers, and too many Android manufacturers have caused the policy to be inaccurate.

At this time node of the Apple Autumn Conference, users must be most concerned about whether the new iPhone 14 series will be affected by this vulnerability?

Although Apple has repaired the relevant vulnerabilities in time, the user spent five or six thousand or even 10,000 yuan to buy a new mobile phone. The first thing to go home is to get the vulnerability of the vulnerability.

This is not in line with the style of Apple's decent company.

*The iPhone 14 pictures passed on the Internet

If the fruit says, don't blow the security and privacy protection of the iPhone in the future. Not all of them are settled by peers, increasing efforts to urge Android manufacturers to improve, and let manufacturers roll up, which is a good thing for consumers.

Reference materials:

TechWeb: Apple is wrong again! There are serious security vulnerabilities in iPhone, iPad, IMAC and other products

IT Home: The latest vulnerability is hot, hackers can remotely steal the key, Intel and AMD are affected

Edit: black and white

- END -

B -side visual trend analysis

Edit Introduction: Affected by the major environment, lifestyle changes, and many ...

lead the industry!Merrill Lynch ranks first in the list of industrial big data companies

Recently, Internet Weekly under the Chinese Academy of Sciences and Deben Consulta...