chadbag
About
- Username
- chadbag
- Joined
- Visits
- 829
- Last Active
- Roles
- member
- Points
- 4,365
- Badges
- 2
- Posts
- 2,032
Reactions
-
Apple fails to patch publicly disclosed zero-day flaws with iOS 15.0.1
As far as I understand it, one of them is not actually a bug -- the one where having location permission lets you get extensive WiFi connection data. That is by design, unfortunately. Because you can use WiFi data to extrapolate a user's location, Apple requires you to have (request and be granted) location permission to be able to get detailed WiFi info from the system.
-
AirTag vulnerability turns tracker into Trojan horse, fix incoming
Recently, with all the "oops" we've seen it looks like Apple engineering is run by amateurs. I know it is not but with this, the file:// thing, and other just stupid engineering issues...dewme said:Sigh. So much for having all new products undergo a design for security (DFS) review. This class of vulnerability should not be making it into a release product, especially for one with such a narrow attack surface. If it was 1995 maybe this would be a forgivable “oops” but in the year 2021, it’s simply embarrassing.
-
Apple ignored reports of three big security problems in iOS 15, researcher says
I have not looked at the actual details of the third one, and am working just from the description herewhile the third allows apps with location services permissions to gain access to Wi-Fi information.
but based on that description, this is not a bug, but by design. There are APIs that allow you to get WiFi information, and because, through triangulation, that WiFi I formation could be used to deduce location pretty accurately in many cases, Apple requires location services permission be granted to use the WiFi info APIs. The app I work on needs WiFi I formation (vertical market app — not consumer app) and we’ve had to deal with this and have gone back and forth with Apple on the requirements for this. We have to ask for location services permission but we don’t actually need the persons location.
-
Report suggests Apple's A15 Bionic lacks significant CPU upgrades due to chip team brain d...
Dear editor: it seems that a piece of a sentence is
missing. This sentence fragment occurs at the end of a paragraph, but is not a sentence itself so makes no sense:Many of the graphics-intensive tasks like ProMotion variable display refresh rates. -
Researcher testing Apple CloudKit accidentally took Shortcuts completely down
To the editor: “ on Monday revealed that he had accidentally broken Shortcut sharing links” (note “broken”, not “broke”)
