“When Apple announced a new version of its mobile operating system in San Francisco last week, executives boasted of features such as a smarter Siri and improved copy and paste,” Tom Simonite writes for MIT Technology Review. “And as usual they announced that software developers could download a preview version of the software ahead of its fall release.”
“Some security experts who inspected that new version of iOS got a big surprise,” Simonite writes. “They found that Apple had not obscured the workings of the heart of its operating system using encryption as the company has done before. Crucial pieces of the code destined to power millions of iPhones and iPads were laid bare for all to see. That would aid anyone looking for security weaknesses in Apple’s flagship software.”
“Security experts say the famously secretive company may have adopted a bold new strategy intended to encourage more people to report bugs in its software—or perhaps made an embarrassing mistake,” Simonite writes. “That doesn’t mean the security of iOS 10 is compromised. But looking for flaws in this version of the operating system will be much easier, says Jonathan Levin, author of an in-depth book on the internal workings of iOS. ‘It reduces the complexity of reverse engineering considerably,’ he says.”
MacDailyNews Take: Wonder what Google, Samsung, and the jailbreakers are doing today?
“Why Apple has suddenly opened up its code is unclear. One hypothesis in the security community is that, as Levin puts it, someone inside the company ‘screwed up royally,'” Simonite writes. “Jonathan Zdziarski, another iOS security expert, favors [another] hypothesis, because accidentally forgetting to encrypt the kernel would be such an elementary mistake…. Opening up its code would make sense in light of Apple’s recent faceoff with the FBI, Zdziarski notes… Opening up iOS for anyone to examine could weaken that market by making it harder for certain groups to hoard knowledge of vulnerabilities, Zdziarski says.”
Read more in the full article here.
MacDailyNews Take: Apple to the government overreachers: Checkmate!
I trust this will turn into a good thing, by GM. But I still don’t like it when someone gets to look under my britches. 😱
Don’t like strangers seeing your precious?
You should try nudism. Very liberating!
For this to work, everyone has to commit.
I truly hope that this was an intentional move. The alternative would be that Apple is getting incredibly sloppy.
If this is not an intentional move, Apple has no choice but to play it as if it was planned and deal with the consequences. The alternative would be to look weak and vulnerable.
There is part of me that hopes it’s a screwup, then maybe Apple will get around to paying attention to what has been happening to the “trucks” day-to-day ease of use. Just my opinion.
It’s funny timing how this happened as the jailbreaks have reached an all time low in terms of keeping up with iOS releases… by a very significant margin.
If Apple were intentionally going to do this, an early major release beta would be the one to do it with.
I fear Apple is becoming too complex. When you have one task to do you focus. When its 500 tasks you make mistakes. When it’s 2000 you risk screwing up royally.
Now, would this bare iOS code also suggest parallel vulnerabilities in watchOS, tvOS, or macOS?
There are ways to deal with complexity on such a scale. I think Apple is struggling with it.
– As I’ve chatted with ‘herself’, I think the Mother Ship move is a distraction, both physically and mentally for Apple leadership.
– Sometimes the problem is unwillingness to let go of leadership roles and hand them off to others.
– Often the problem is communication, keeping it sane, functional and effective. (Welcome to humanity).
– Sometimes the problem is finding effective leadership to take over the growing number of segments, as opposed to a core leadership attempting to keep track of everything at once and inevitably losing sight of certain segments as well as the whole.
All in all, WWDC demonstrated that Apple has the usual brilliance at heart and a hell of a lot of work on technology integration going on, something NO other company can do. It’s one of the core subjects that makes Google look like utter fools.
Anyone who thinks this was a deliberate move by Apple is fooling themselves. Someone is having a very, very bad week.
This could be just that intentional on Apple’s part. Open the doors and allow people to find vulnerabilities this way you truly know how secure your OS is
I vote:
…someone inside the company ‘screwed up royally,’
But let’s watch what Apple does in the next beta.
Further dispatches from the front lines of the Crypto Wars. Apple’s fortress of secrecy loses some parapets, whilst iron gates to their walled garden stand ajar. In chess terms, it looks more like a trap than a blunder.
Daring Fireball, 22 June:
UPDATE: Just got this from an Apple spokesperson:
“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security.”
So: definitely not a mistake