nanog mailing list archives
Re: Spitballing IoT Security
From: "Ronald F. Guilmette" <rfg () tristatelogic com>
Date: Thu, 27 Oct 2016 17:17:09 -0700
In message <20161027204258.CD18057D529E () rock dv isc org>, Mark Andrews <marka () isc org> wrote:
The problem is, as I have said, this device is now the Apple equivalent of Windows XP. There could be a horrendous collection of a dozen or more known critical security bugs in the thing by now, but as someone noted, the last update Apple issued for the thing was in Feb 2014.But is there? Can you list a single security bug in iOS 6.1.6 that would require a iOS 6.1.7?
An entirely reasonable and logical question, Mark. I'll admit, it took me a bit of digging, but the answer would appear to be "yes": https://threatpost.com/apple-fixes-cookie-access-vulnerability-in-safari-on-billions-of-devices/112246/ Note that I have the latest and greatest IOS 6.1.6 on my 3GS. The Safari HTTP User-Agent string is apparently as follows: Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_6 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B500 Safari/8536.25 So, Q.E.D. ? Regards, rfg
Current thread:
- Re: Spitballing IoT Security, (continued)
- Re: Spitballing IoT Security Edward Dore (Oct 27)
- Re: Spitballing IoT Security Alan Buxey (Oct 27)
- Re: Spitballing IoT Security Mark Andrews (Oct 27)
- RE: Spitballing IoT Security Emille Blanc (Oct 27)
- Re: Spitballing IoT Security Edward Dore (Oct 27)
- Re: Spitballing IoT Security -- Dancing around a solution Stephen Satchell (Oct 27)
- Re: Spitballing IoT Security Leo Bicknell (Oct 27)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 27)
- Re: Spitballing IoT Security Mark Andrews (Oct 27)
- Re: Spitballing IoT Security Ca By (Oct 27)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 27)
- Re: Spitballing IoT Security Jon Lewis (Oct 27)
- RE: Spitballing IoT Security Emille Blanc (Oct 27)
- Re: Spitballing IoT Security Rich Kulawiec (Oct 28)
- Re: Spitballing IoT Security Geoffrey Keating (Oct 27)
- Re: Spitballing IoT Security John Levine (Oct 27)
- Re: Spitballing IoT Security Leo Bicknell (Oct 27)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
- Re: Spitballing IoT Security Chris Boyd (Oct 26)
- Re: Spitballing IoT Security Mark Andrews (Oct 26)
- Re: Spitballing IoT Security Mel Beckman (Oct 26)