Hacker News Re-Imagined

About the security content of iOS 15.2.1 and iPadOS 15.2.1

  • 86 points
  • 3 days ago

  • @shantara
  • Created a post
  • • 59 comments

About the security content of iOS 15.2.1 and iPadOS 15.2.1


@Copernicron 3 days

Replying to @shantara 🎙

Does anyone know what's going on with iOS 14? I didn't upgrade because Apple said it would still be supported but there hasn't been any news in quite a while.

Reply


@Syonyk 3 days

Replying to @shantara 🎙

Dear Apple:

User-set name strings are not trusted data. Even if you filter on submission, people will find ways around it.

This is the second "User can set the name of a device to a string that screws things up badly" bug in recent history. The other one was the "You can set your AirTag name to cross site scripting tags" one.

Reply


@egberts1 2 days

Replying to @shantara 🎙

That’s why i always have HomeKit disabled but it’s the damn Apple upgrade or power cycle that keeps flipping it BACK on.

Reply


@xoa 3 days

Replying to @shantara 🎙

Ars amongst a number of others had an article covering this [0] last week. Not that trivial to exploit but sounded relatively nasty if it was triggered, so better late than never. Though HomeKit overall has been a pretty significant disappointment and definitely feels like one of those semi-afterthought type of Apple projects at this point. Important enough or with enough internal sway to not get dropped outright, but not enough to get any serious effort either. Like the Mac Pro maybe, though that one is even more disappointing. So I wonder how many people make much use of it, let alone share with others.

----

0: https://arstechnica.com/information-technology/2022/01/5-mon...

Reply


@emptybottle 3 days

Replying to @shantara 🎙

It's a shame there isn't an alternate software path for iOS devices that have aged out of security updates.

I have an iPad whose hardware has life left in it, but as time goes on it's more and more it's worrisome to run a connected device without security updates.

Reply


@petecooper 3 days

Replying to @shantara 🎙

>CVE-2022-22588

Wow. 12 days into 2022 and we're already up to 22k CVEs filed.

Edit: I was wrong. Thanks @minhazm and @geofft.

Reply


@webinvest 3 days

Replying to @shantara 🎙

There was only 1 Denial of Service bug patched. No where as many exploits patched as in prior versions:

https://news.ycombinator.com/item?id=29198901

Reply


@p49k 3 days

Replying to @shantara 🎙



About Us

site design / logo © 2022 Box Piper