iPad still has a major browser vulnerability, says group behind AT&T security breach
You know that tiny little security snafu that let over a hundred thousand iPad users' email addresses out? The one that the FBI felt compelled to investigate? Well, Goatse Security -- the group that discovered that particular hole (stop laughing) -- isn't best pleased at being described as malicious in AT&T's response to the matter, and has replied with its own missive to the world. Letting us know that the breach in question took "a single hour of labor," the GS crew argues that AT&T is glossing over the fact that it neglected to address the threat promptly, and is using the hackers' (supposedly altruistic) efforts at identifying bugs as a scapegoat. As illustration, they remind us that the iPad is still wide open to hijacking thanks to a bug in the mobile version of Safari. Identified back in March, this exploit allows hackers to jack in via unprotected ports, and although it was fixed on the desktop that same month, the mobile browser remains delicately poised for a backdoor entry -- should malevolent forces decide to utilize it. This casts quite the unfavorable light on Apple as well, with both corporations seemingly failing to communicate problematic news to their users in a timely manner.
That's one hell of a hole...
@HoldenMccrotch Sorry, I missed the entire article. Can't stop laughing!
@Irina
Security hole.
Backdoor entry.
Goatse security.
COME ON ENGADGET! DO YOU ACTUALLY EXPECT US NOT TO LAUGH?
@FanBoyTheTroll
If they don't do it then someone else will, and those people are likely to steal all your money.
Plus, for a lot of people this is a hobby, not their entire life; they've probably got families and everything. Don't go around slagging off people you don't know anything about, especially when they're trying to improve the security of a now widely used product.
I just hope you get all your bank details stolen, then you'll be crying for better security and the help of those 'bunch of lame ass hackers who have nothing better to do with their life than bother people..'
:)
@FanBoyTheTroll Actually they didn't have to hack anything. The hole was open for everyone to "enjoy" :P
How can Apple spin this? And yes that gaping booty is one hell of a hole ;) lolz
@HoldenMccrotch
Ahem....
plug it up, plug it up, plug it up.
@Mike Vick
Last time I checked Apple didn't like porn, so they have some fancy footwork to do.
@donv69
Ohh, Macs aren't bulletproof. All of you Mac lovers out there, shut it.
@Herr Synnberg I caught another one: UNPROTECTED PORTS. LOL!
@Darkroom - Exactly. And how is this AT&T's Fault?!
Apple, you are never going to find a better Homie than AT&T! They take a lot of heat and never say a bad word or point a finger. That iP4 antenna array is another admission of "yes, our cool stuff sometimes has flaws," like a lack of reliable hyper band hand-off from EDGE to 3G (with a $50 Samsung in parallel having no such problems). They took soooo much SHIT and not a negative peep from them. NOW THAT'S A FOR REAL HOMIE!!
PS Now patch the damn browser already. Sayin...
@Frankenstein Black Goatse hacked AT&T's servers to get those email addresses. And they actually didn't do a very good job of showing that this 'hole' was part of the hack. So it is possible that the two are not related, especially since it was fixed in the Mac OS version of Safari.
Also, they haven't proven that there really is a hole in the iOS version. Where's the video etc of an actual attack.
@Charlik
Where's the video of Adobe's security holes? Troll.
@FanBoyTheTroll
How do I get "Girls hackers"? Actually, what are they?
If they keep finding holes in Apple's browsers they are going to have to roll out updates more frequently than they are doing. It seems Apple are notorious for denying anything is wrong.
@stringent They are also notorious for not fixing security holes and claiming their products are more secure than the competition.
@Pickaxe
+1
@Pickaxe .. Really? Because us OS X users get lots of security updates through Software Update:
http://support.apple.com/kb/HT4218
http://support.apple.com/kb/HT1263
http://support.apple.com/kb/HT1646
Safari 5.0 was just released so it could be just a case of updating the iPad version with the new WebKit.
Also I am guessing more ammo for Adobe. Haha.
@stringent
Considering Adobe released a fix for their vulnerability after less than a week, it'll be nice to see how long it takes Apple to release a fix.
Maybe it'll be a new feature of iOS 5...
@taligent
Apple was highlighted in the Symantec security report for having unusually many security holes, combined with the fact that their window of vulnerability was much longer than any of their competitors'.
Apple had 13 days on average with Chrome being second with two days.
Here is the pdf if you are interested:
http://www4.symantec.com/Vrt/wl?tu_id=SUKX1271711282503126202
Funny thing to note, if you read the report, is that there is actually no mention of Flash in the highlights, which Jobs falsely claimed in his "Thoughts on Flash".
@Wiggy Fuzz Adobe's vulnerability was being actively exploited in the wild, or so the advisory stated. This vulnerability? Well, the fine folks at Goatse couldn't even be bothered to video a demonstration, so without further proof I'm not willing to accept at face value their claim that it allows hackers to insert undetectable background processes into the iOS browser.
@OldNewOne
I think this is the vulnerability mentioned here:
http://encyclopediadramatica.com/Safari_XPS_Attack
There you have your videos from Goatse as well.
The number of infections from the recent Flash vulnerability is, according to Symantec, 0-49:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-060601-3020-99
So while it is reported to have been exploited in the wild, so far it has been extremely rare.
@OldNewOne Umm, maybe because they're being investigated by the FBI...
@stringent
Not true, I've found out that Apple will be bringing back their "I'm a Mac" ad campaign just for this. The new commercial features Justin Long and John Hodgman again. This time, though, John walks into the white room (Steve's closet, I assume) and finds Justin with his hands behind his back, sobbing. "But Mac, aren't you going to deride my lack of security or something similar?" asks John. "I'm a Mac, and I... just got fucked!" Justin sobs. "Excuse me?" John asks empathetically. Justin then turns around and exposes his bare, red, gaping asshole. It's a rather large hole, held open by his own hands. He has a ring on one of his fingers. "I just got goatse'd, goddammit! Leave me alone, PC! What are you going to do now, huh? Now that I'm exposed as a fraud!" Justin cries, drool seeping out of his mouth. "Well, I wish you the best of luck. Pardon me, though. I have some work I need to get finished." John leaves. Justin continues crying, his hands seemingly permanently placed behind his back. Fade to white, with large Apple logo.
Dear God!!!! Don't look at their logo or Google search their name:
http://security.goatse.fr/
Their logo (and slogan) are quite true to their purpose and origins.
@The Mad Mule Ahaha. What next, Lemon Party Solutions?
@fpad77
2girls1computer service techs
@fpad77 Meatspin Security - a "revolution" in trustworthy computing.
The holes just keep getting bigger!
Please refrain from mentioning goatse and backdoor entry in the same post... people are trying to eat here!
Security on iPhones/iPads/iPods is not a priority; nobody would use these things for something serious.
@gapechorin
Really?
Not even purchasing things online?
Ebooks, perhaps?
And a lot of businesses use iPads/iPhones thinking they're secure.
Somebody needs to do something about Apple.
They used to be just a joke. Now their "magical devices" are likely to seriously mess up your life.
@rederikus .. I would be more worried about all the Android devices that are "stuck" on older releases and aren't being actively updated.
The carriers and manufacturers on ALL platforms should be forced to release security updates when they are made aware of them for say the previous 5 years of products.
@taligent
On the other hand you could just buy a BlackBerry and then laugh at Apple and their useless software.
@rederikus .. So you're implying that BlackBerry has no security problems. Do you know how silly that makes you?
http://www.cio.com.au/article/343638/your_blackberry_dirty_little_security_secret/
@taligent
Why should some outside power force companies to do anything? People should stop giving money to companies who don't support their own products.
@taligent You mean like the iPhone 2G firmware not being updated to iOS 4 this year?
Learn to write headlines. This clearly should have been called "Goatse exposes wide open hole that can be used for backdoor entry".
@Psilion Goatse probes reveal gaping hole into the warm, gooey center of iPad security. Personal info can be found dangling for easy viewing near said backdoor entry point.
With the iPad marketed as an internet device, Apple needs to start patching things like this up quickly. They should probably separate Mobile Safari from iOS, so they can patch up Mobile Safari as needed without having to release a whole new iOS every single time. I mean, it's bad enough we have to download a freakin' whole iTunes and a new iOS for every single update.
Must be one of those Flash security holes.
@fubarweb
Steve Jobs: See, this is why I don't want Adobe Flash on my iPad. Oh wait. Scott?
Security camera caught Scott Forstall running to the back exit.
@pika2000
Two disadvantages of publicly rubbishing a technology on performance and security grounds and then refusing to allow it on your platform:
1) When it's shown to perform well on other platforms you look like a cock.
2) When your own product has security problems you can't blame it on them. And then you look like a cock.
@fubarweb
That's what I came in to say. Good thing they didn't approve Flash, right? Cause Android users have all had their e-mail addresses leaked due to that terrible Flash security hole.
What a joke. This is coming from the guy that takes pride in being the first to get rid of the optical drive in a laptop.
But, but.... Apple products are IMPOSSIBLE to hack!
@malexandria1
Actually, the official line is that Apple products are FUN to hack, because it doesn't require all that much effort.
@Locust
plus you get to name your hacking group something amazing XD