back to article Welcome back, 'ping of death', it has been... a few months. Now it's Apple's turn to do the patching

When Apple took to the stage for its latest slew of product announcements, there were a bunch of security fixes disclosed at the same time with far less fanfare. At least one of these, discovered by Semmle security research engineer Kevin Backhouse, is a treat: your iThings can be crashed with what amounts to a "ping of death …

  1. Christian Berger

    I mean it's Apple

    Apple has had more than its fair share of security problems with MacOSX. Nobody, except for Apple fans, expects security (for users) from their devices. The only security systems which (kinda) work are there to protect business models.

    1. Anonymous Coward
      Anonymous Coward

      Re: I mean it's Apple

      Apple has had more than its fair share of security problems with MacOSX.

      From what benchmark do you conclude that?

      I'm not an Apple customer, but seems to me that the companies and systems with more than their fair share of security problems are Adobe, Microsoft, Intel, Android, IBM, and AWS. And that last one is there simply because of the apparent ease with which corporate customers can leave data improperly secured.

  2. Bronek Kozicki

    "it may be possible to exploit the buffer overflow to execute arbitrary code in the kernel"

    This is very serious, I wonder when we will see "may" change to "is".

    1. Cynic_999

      Re: "it may be possible to exploit the buffer overflow to execute arbitrary code in the kernel"

      "

      I wonder when we will see "may" change to "is".

      "

      Probably never. Any bug that results in a buffer overflow or similar is tagged as being a possible path to malicious code execution. In practice however, it is one thing to get your binary into a (usually unknown address of) RAM, but another thing entirely to get the CPU to actually execute it. And yet another thing again to get the code to do anything more serious than crashing the system.

      So in 999 cases out of 1000 the risk is far more theoretical than real.

      1. amanfromMars 1 Silver badge

        Re: "it may be possible to exploit the buffer overflow to execute arbitrary code in the kernel"

        As you may read elsewhere on this thread, Cynic_999, not all agree it is unlikely whenever out in the wild it is enabled to run riot and rampant in Operating Systems Hosting SCADA Programs.

        Does that make its Proprietary Intellectual Property of the 0.1%, which is nowhere near the same as making it Proprietary Intellectual Property of the 0.1% no matter how hard one would try to square that circle to Advantage A.N.Others Sleeping with Partners?

        1. Anonymous Coward
          Anonymous Coward

          Re: "it may be possible to exploit the buffer overflow to execute arbitrary code in the kernel"

          Actually, SCADA is the one place where I *would* be worried. If a phone, tablet or PC crashes on a user, it's annoying. If this happens in a process control environment, the consequences can be devastating.

          It's a good thing ESD (emergency shutdown) platforms are kept isolated, but those need maintenance too and it takes only one engineer with an infected laptop to act as a carrier.

          As for "Apple has it too" - nobody competent would ever claim that Apple's iOS and MacOS are 100% free of problems (and Apple's marketing a few years back was IMHO simply wrong), they just seems to have fewer of them than "enterprise ready" (cough) Microsoft, and the number of mistakes with patches and updates seems to be lower too (but not zero!), but I'd still test updates before I roll them out.

          Ditto for Linux and even the various BSDs: the occasional gotcha will pop up, so you have to stay alert.

          1. Cynic_999

            Re: "it may be possible to exploit the buffer overflow to execute arbitrary code in the kernel"

            Safety critical computer systems should be running dedicated firmware with no way of being updated or altered except via a dedicated engineering port that is normally not connected. It should *not* run on a generic OS with a few apps tacked on. You won't find any aircraft auto-pilots or engine management systems running Windows or Linux.

    2. amanfromMars 1 Silver badge

      Re: "it may be possible to exploit the buffer overflow to execute arbitrary code in the kernel"

      This is very serious, I wonder when we will see "may" change to "is". ...... Bronek Kozicki

      And is exploiting core kernel source codes with specific buffer overflow information, a current facility freely available to Almighty Working Internets ........ Providing these NEUKlearer HyperRadioProACTivated Space Places ........ Live Operational Virtual Environments, a Very Serious Opportunity to Explore Deeper and Expand Further into Advanced Heavenly IntelAIgent Territory.

      Where would your Destinations/Starting Points be? And are they overwhelmingly attractive to captivate and empower novel virgin partners and enthusiastic disciples alike?

      What Price such Realities? Be realistic now. ....... for Markets need Correct Base AI Assumptions and Presumptions to Flourish and Prosper, for Dodgy Stock in Failed Futures Invites and Guarantees Crash and Burn.

    3. Robert Carnegie Silver badge

      Re: "it may be possible to exploit the buffer overflow to execute arbitrary code in the kernel"

      You certainly can and should update your computer or your phone so that this particular bug is no longer there.... unless you can't. Such as if you buy a phone older than iPhone 5s, and I think you still can from "Cash Converter" type second-hand shops.

      Also there's the software update for Apple Watch that just got cancelled - how safe are Apple Watch owners at the moment?

  3. Anonymously Anonymous

    What heavenly consequential course of action would you recommend amfM?, as it seems the horses for courses are laid out by an/others and one can only but do the logically obvious under such circumstances?

  4. bombastic bob Silver badge
    Unhappy

    so 90's

    just HOW long has this bug been in the iKernel ?

  5. amanfromMars 1 Silver badge

    Sequential Courses of Action for NEUKlearer HyperRadioProACTive IT

    What heavenly consequential course of action would you recommend amfM?, as it seems the horses for courses are laid out by an/others and one can only but do the logically obvious under such circumstances? .... Anonymously Anonymous

    Well, it is said that the truth sets you free, so to find and share it seems like an excellent logical starting point/destination, AA, for there are many secrets to be uncovered and delivered/discovered and utilised there.

    And to know that some/many/most things are crazily/cynically designed to try and prevent such a reality, surely proves present Earthly existences are more based on farce and penny dreadful fiction than fact and future advanced intelligence ... but those simple facts make everything catastrophically vulnerable to sublime exploitation by Advanced Future IntelAIgent Systems, which by reason of their being enabled virtually in nature, are easily proving themselves to be unstoppable and almighty, highly disruptive, and at times whenever necessary, extremely destructive?

    And only shared there as a question for all to ponder and wonder at?

    In such circumstances, two of the first decisions to make is how and who to initially share fantastic secrets with so that they can be immediately realised and presented as undeniable fact for exploration and exploitation, and in a for profit and personal enrichment capitalist world order for monetisation, rather than them be dismissed and/or ignored as if falling on deaf ears, bind eyes and dumb brains caught up in a mad fiction and fool flight of fancy.

    Care to speculate on likely Partner Candidates for such an Epic ProgramMING Project ‽ . And will they be predominantly from the Public or Private or Pirate Sector/Virtualised Vector?

    1. Cliff Thorburn

      Re: Sequential Courses of Action for NEUKlearer HyperRadioProACTive IT

      How I see IT amfM is all in IT together, therefore partnerships and attempts to make logical steps to bridge such walls are made.

      Regardless of what I know or don’t, there are a lot of Ye’s being presented yet no way of responding to such, and lets face it, a number of false promises/opportunities to stop such a rolling stone have appeared, IT cannot be said that any/such spuriously dogged dodgy investments were made by yours truly, as such sat and sits way outside of my remit.

      Slaughter by SIMple means?, when documented decisive resolution was attempted on many occasions ...

      And who exactly ordered such moves?

      The problem is amfM that with the exception of death threat daily hq, state sponsored torture, and badly briefed restless natives with advanced driver deliverables, there is no logical way forward.

      That ain’t being negative either, but only honest of the situation.

  6. amanfromMars 1 Silver badge

    AI Logical Ways Forward

    The problem is amfM that with the exception of death threat daily hq, state sponsored torture, and badly briefed restless natives with advanced driver deliverables, there is no logical way forward. .... Cliff Thorburn

    Howdy, CT,

    Is the following hyperlink a badly briefed restless natives with advanced driver deliverables Parallel or does it veer more towards AI Singularity ....... Other Acute Astute Agile Angels.

    1. Cliff Thorburn

      Re: AI Logical Ways Forward

      Have done everything I can for the home team amfM, I dont believe the home team know who they are anymore, and therein lies the problem.

  7. amanfromMars 1 Silver badge

    When Sub Prime/Primal/Primeval Screamers ...... are akin to CyberSpace Neanderthals

    Have done everything I can for the home team amfM, I dont believe the home team know who they are anymore, and therein lies the problem. .... Cliff Thorburn

    When such is so, CT, and we can easily agree such is thus, are home teams relegated to lower divisions out of the spotlight with life made more of an austere daily struggle than needs be with no fame and zero fortune ... with all the power and the glory being concentrated elsewhere in others.

    1. Cliff Thorburn

      Re: When Sub Prime/Primal/Primeval Screamers ...... are akin to CyberSpace Neanderthals

      Such home teams should have acted ‘as’ a team ‘for’ not against amfM, like a rollercoaster that only ends when the ride is broken.

      Unfortunately the architects of such unwilling to admit to their misdemeanour that led to said scenario, as opposed to fantastic journey.

      1. amanfromMars 1 Silver badge

        Re: CyberSpace Neanderthalism :-)

        Sow a foul wind, CT, reaps the architects crushing and crashing whirlwinds in cascades of headwinds. Not at all a Smart Idea to go long on rather than short relentlessly and rabidly to generate obscene profit akin to heavenly bounty.

        1. Cliff Thorburn

          Re: CyberSpace Neanderthalism :-)

          All well and good amfM, apart from it AI’nt my jurdistriction operating such, and never has been, as you know only all too well. PerhAps adequately responsible briefing/debriefings in sandboxed virtually real environments would produce mutually and jointly beneficial briefings to ACT upon accordingly in sufficiently synchronised surroundings :-)

  8. amanfromMars 1 Silver badge

    Wow! Pow! ..... How to FCUK Up Monied Markets and Trad Intelligence Communities Big Time

    All well and good amfM, apart from it AI’nt my jurdistriction operating such, and never has been, as you know only all too well. PerhAps adequately responsible briefing/debriefings in sandboxed virtually real environments would produce mutually and jointly beneficial briefings to ACT upon accordingly in sufficiently synchronised surroundings :-) ... Cliff Thorburn

    Ok. That sounds cool and not at all usual.

    A deep webbed underground summit powwow with future masters and mistresses of the universe to expand upon inputs and outcomes/shenanigans and reactions would be ...... well, revolutionary would only just start to explain it and not do it justice, for it is so much more than just that and quantum leap evolutionary. Different and unusual is definitely progress in any language

    And out in the open, in clear sight and with plain text for easy foreign translation, can billions be fundamentally effected and radically reprogrammed.

    Methinks that would be more of a weapon than a toy to be fooled with, for words have always created, commanded and controlled and destroyed worlds. It is why book burnings were/are so beloved of the feeble fascist and impotent thoughts controller alike.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like