nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Spitballing IoT Security

From: "Ronald F. Guilmette" <rfg () tristatelogic com>
Date: Thu, 27 Oct 2016 17:17:09 -0700

In message <20161027204258.CD18057D529E () rock dv isc org>, 
Mark Andrews <marka () isc org> wrote:


The problem is, as I have said, this device is now the Apple equivalent
of Windows XP.  There could be a horrendous collection of a dozen or
more known critical security bugs in the thing by now, but as someone
noted, the last update Apple issued for the thing was in Feb 2014.


But is there?  Can you list a single security bug in iOS 6.1.6 that
would require a iOS 6.1.7?


An entirely reasonable and logical question, Mark.

I'll admit, it took me a bit of digging, but the answer would appear to
be "yes":

    https://threatpost.com/apple-fixes-cookie-access-vulnerability-in-safari-on-billions-of-devices/112246/

Note that I have the latest and greatest IOS 6.1.6 on my 3GS.

The Safari HTTP User-Agent string is apparently as follows:

    Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_6 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 
Mobile/10B500 Safari/8536.25

So, Q.E.D. ?


Regards,
rfg
Previous By Date Next
Previous By Thread Next

Current thread: