Talk about salt in the wound, and the primary concerns are actually stuff we modders are familiar with...
The TIFF exploit, which I'm guessing is the 10 year old problem they mention on Windows, is now the first step in the 1.1.1 JailBreak process, and giving "root" permissions to the Apps we install gives them the power to do anything they want...
So I don't know how concerned I should be, since without these security flaws I wouldn't have been able to mod my iPhone.
One thing that does scare me tho is someone creating a bogus TIFF that tells one of the default programs to use its permissions in a devious way.
I too hope Apple fixes it, because the TIFF flaw affects EVERYONE, not just modders.
Case in point, I had a go with the TIFF on a virgin iPhone, and while I did not see any immediate damage, I did however notice that my user profile was no longer recognized by iTunes; it forced me to restore the phone.
So imagine someone maliciously put that TIFF into this very post, and you had viewed it with your iPhone... Well, get ready for a mini heart attack the next time you sync your iPhone.
Now, the reason for the article was to inform everyone, not just modders, because what this essentially means is all we're waiting on now is someone to figure out how to include more instructions at the end of the TIFF file. Currently, the TIFF file LEAVES OPEN root access to the filesystem, Read and Write. By injecting further code into the tail end of that TIFF, the article somewhat implies that a hacker could then pass an instruction set to a native application which has ROOT access to do whatever it pleases.
The logic Apple used for security was, "if it doesn't have the right permissions it can't execute", which is fine in a perfect Apple world, but you know as well as I do that doesn't exist, and as such hackers would use Apple's own permissions to do their dirty work for them.
What kind of dirty work? Well, a very simple one is to send an email to all your contacts, for example. That email could contain the TIFF attached, and if any of them have an iPhone, well, the exploit just replicated itself on your dime... That's off the top of my head, since worms like that are common in the PC world.
WE ARE NOT SAFE. YOU HAVE BEEN WARNED!
Where was this article two weeks ago when I came to the same conclusion and posted about it for the blind eyes and deaf ears here? lols
Maybe Apple was not lying when they said they were against third party apps because of security considerations. If true, it would seem that Apple embellished a bit about the iPhone being OSX driven. I don't recall OSX being so vulnerable.
Since the security worry shouldn't apply to Skype, Adobe, Slingbox, Google, AOL and others, there never was any "safety" reason to prevent large or small established companies from creating applications.
Except, the article makes sense:
It's not taking a long time to create an SDK... it's more about taking them a long time to rewrite the whole OS so it can safely support everyone's third party apps.
Sounds like FUD to me. It's easy to get rid of trusted applications in Winmob. Better sound the alarms! Or not.
I think this is mostly bogus. I don't hear an outcry over the Treo, and that doesn't even have the concept of "users." You can create an app that does anything it likes--but those apps don't just land on the Treo by themselves. Someone has to install them, just like on the iPhone.
Even so, you don't hear about Treos "slowing down the Web" and they've had 3G for some time now. About all you hear is how apps can make a Treo unstable--and that is mostly due to the outdated "FrankenGarnet" OS in the Treo. OS X in the iPhone is light years ahead of that.
I sure hope Apple isn't rewriting the entire OS over this non-issue.
The biggest iPhone issue right now, by far, is the TIFF vulnerability, and that of course needs to be fixed.
A lot of hype due to the high profile of the iPhone. Win95 security?! Give me a break. The comparison only applies to the issue of running applications as root. What about network security? The title makes it sound like Win95's network "layer" is comparable to OSX's when they are light years apart. Plus, Apple can continue to improve things far more easily than the Windows 95 case given the superior OSX foundation.