Hacker News new | ask | show | jobs
by scarface74 2839 days ago
To nitpick actually they have.

IOS 6.1.2 came out 6 months after iOS 7

But what unpatched security flaws have been reported in older versions of iOS that would allow an attacker to install a keylogger or otherwise exfiltrate user data?
2 comments
saagarjha 2839 days ago
> But what unpatched security flaws have been reported in older versions of iOS that would allow an attacker to install a keylogger or otherwise exfiltrate user data?

…a jailbreak?

link
scarface74 2839 days ago
I haven’t been able to find an untethered Jailbreak for iOS 5 - ie a method for an unsuspecting user to have his iOS device compromised.

A “tethered jailbreak” means the user purposefully went through a series of steps to jailbreak thier device or someone else physically got access to thier device.

link
saagarjha 2839 days ago
I don't quite understand what you're trying to say here. The difference between an "untethered" and a "tethered" jailbreak is that an untethered one sticks around after you reboot your phone. So how exactly is this relevant here?
link
scarface74 2839 days ago
An untethered jailbreak is one that doesn’t required you to be connected to your computer. (http://osxdaily.com/2010/11/24/tethered-jailbreak-vs-untethe...). A tethered jailbreak requires you to be connected to a computer.

The difference is that an untethered jailbreak takes advantage of a security flaw in the OS that could be theoretically embedded into a website that you visit and your phone could be jail broken without your knowledge.

A tethered jailbreak means that you either intentionally took steps to bypass the security of the OS or someone who had access to your device did.

link
badpun 2839 days ago
> But what unpatched security flaws have been reported in older versions of iOS that would allow an attacker to install a keylogger or otherwise exfiltrate user data?

I don't follow the field of iOS security. I only know that, like everyone whose computing devices handle sensitive data and/or money, I want my system to be patched ASAP if a vulnerability is detected. AFAIK, Apple makes no such guarantees.

link
scarface74 2839 days ago
The alternative is Android that has a much weaker security model and where the manufacturers don’t offer patches for more than two years if at all.

But as far as iOS, I am not aware of any unpatched security vulnerabilities that have been reported in over ten years that would allow an app to exfiltrate sensitive data from another app on a none jailbroken device.

link