Apple zero-day drama for Macs, iPhones and iPads – patch now!


Here on Naked Security, we’ve been lamenting the mysterious nature of Apple’s security updates for ages.

RELATED POSTS

For example, even when widely-known security problems appear in components that are part of Apple’s operating system, Apple routinely refuses to say when, or even if, it plans to address the issues itself.

Back in February 2013, for instance, a dangerous bug was found and patched in the widely-used sudo command:

As you probably know, sudo is a program that allows you to substitute the current user and do a command (strictly, su here stands for setuid()the Unix / Linux function used to switch between accounts).

Because the most prevalent use of sudo is to switch up to the root account, rather than down to a less privileged one.

… Any authentication bypass bug in sudo should be considered critical, because it could provide anyone who’s currently logged into your computer with a trivial and apparently official way to turn themselves instantly into an administrator.