Forums - General - Apple shooting the messenger for telling them about iOS vulnerability

source

Find A Vulnerability In Apple Software; Lose Your License As An Apple Developer

from the kill-the-messenger dept

It appears that Apple is the latest company to take a "kill the messenger" approach to security vulnerabilities. Hours after security researcher Charlie Miller found a huge vulnerability in iOS, which would allow malicious software to be installed on iOS devices, Apple responded by taking away his developer's license.

The obvious implication: don't search for security vulnerabilities in Apple products, and if you do find them, keep them to yourself.

First off, here's Miller explaining the security hole:

To be fair, Miller did get Apple to approve an app that he was using to demo the security flaw. However, kicking him out of its developer program is exactly the wrong response. Miller, clearly, was not looking to use the code maliciously -- just demoing a problem with their system. In other words, he was helping Apple become more secure, and they punished him for it. The message seems to be that Apple doesn't want you to help make their system more secure. Instead, they'd rather let the malicious hackers run wild. As Miller noted to Andy Greenberg at Forbes (the link above):

“I’m mad,” he says. “I report bugs to them all the time. Being part of the developer program helps me do that. They’re hurting themselves, and making my life harder.”

And, no, this is not a case where he went public first either. He told Apple about this particular bug back on October 14th. Either way, this seems like a really brain-dead move by Apple. It's only going to make Apple's systems less secure when it punishes the folks who tell it about security vulnerabilities.


Typical big company approach. They are idiots.



Notoriously the worst company for devs to work with.



BOOM!  FACE KICK!

Jexy said:
Notoriously the worst company for devs to work with.


Actually it's completely the opposite.  Apple is probably currently the easiest to work with (it's between them and Microsoft, but the edge is currently in Apple's favour). Nintendo or Sega are probably the most difficult I have worked with.



I describe myself as a little dose of toxic masculinity.

Jumpin said:
Jexy said:
Notoriously the worst company for devs to work with.


Actually it's completely the opposite.  Apple is probably currently the easiest to work with (it's between them and Microsoft, but the edge is currently in Apple's favour). Nintendo or Sega are probably the most difficult I have worked with.


Not from the devs I talk to, they say Microsoft and Google (Android) are far better and you can do far more with them. 



BOOM!  FACE KICK!