Earlier this week, the web was all abuzz with the news that a significant vulnerability had allegedly been discovered in the iPhone’s version of Safari. While we still don’t know the full details on that story, the bug has apparently been reported to Apple by the discoverers, Independent Security Evaluators (ISE). ISE researcher Dr. Charles Miller is due to report on his findings at the Black Hat security conference on August 2nd. The researchers have submitted a patch as well, though Apple wouldn’t comment on whether an update would be released.
Unfortunately, it appears that a similar vulnerability could exist in the OS X and Windows versions of Safari as well, though it “may not be exploitable.” If I had to hazard a guess, I think part of that may be because, unlike the iPhone, apps on the Mac and PC are not usually run as a superuser (though they may still be able to wreak other damage).
In the end though, Miller seems to have taken a fairly balanced stance on the security foofaraw:
But would [Miller] give up his new iPhone? Not hardly. “It’s like any other computer,” he said. “As long as you’re careful about the sites you visit and know what wireless access point you’re connecting to, you should be safe.”Reasonable behavior and responsible bug reporting; there are definitely some security researchers who could take lessons from these guys.
