As Apple faces up to its second embarrassing security flaw in as many months, we ask: is Apple winning the security war?
In light of the recent security breaches, we ask: is Apple winning the security war?
“We greatly regret this error and we apologise to all Mac users, both for releasing with this vulnerability and for the concern it has caused,” said an official Apple statement at the end of last year. “Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”
This apology was issued following a major security flaw that enabled access to the root superuser account with a blank password on macos High Sierra version 10.13.1. Apple quickly released a security patch to solve the issue, but the whole episode was deeply embarrassing. What with the
“The battle between convenience and security is perpetual; no matter how hard Apple tries, it will always be a raging war”
furore over reduced battery performance in iphones and the potential legal ramifications that holds, Apple could’ve done with a quiet start to 2018.
What it certainly didn’t want was a second passwordrelated security blip in as many months. But that’s exactly what happened, much to the dismay of Apple users all over the world. This time around, hackers revealed a security flaw in a version of macos High Sierra that enabled the App Store menu in System
Preferences to be unlocked with any password. The bug, found solely in macos High Sierra 10.13.2, gives someone with admin-level access to your computer the ability to disable settings related to automatically installing macos software, security and app updates.
Apple has fixed this issue in the beta version of 10.3.3. This isn’t as serious as the root access bug in 10.3.1, but it does pose serious questions about Apple’s auditing of its development processes. Apple has always made the right noises when it comes to security and privacy, and we have no reason to view this as anything other than another embarrassing oversight, but that won’t stop its fiercest critics having a field day.
No surprise then that Apple was among the first companies to offer immediate OS updates to negate the threat of the socalled Meltdown and the Spectre bug, which is said to affect almost every modern computing device from any manufacturer using chip designs from Intel, AMD and ARM. Intel processors can be found in Apple’s Mac lineup, and ARM architecture in its iphone, ipad, Apple Watch and Apple TV ranges. Despite no immediate or known threat, Apple is urging users to update their devices to the most up-to-date versions. What, if anything, this goes to show is that security and privacy isn’t an issue just facing Apple, but one that affects the whole computing industry.
In truth, it’s easy to see why there has been an increase in newsworthy security flaws. As the technology in our devices gets better, so does the open risk to our privacy and security. The battle between convenience and security is perpetual – it will always, no
“Our advice is to always keep your devices updated with the latest versions”
matter how hard Apple tries, be a raging war. Loopholes will be found, fixed and the cycle will begin again. If Apple stopped innovating and stopped making incredible products we would rightly complain, but innovation shouldn’t equate to a lack of pragmatism when it comes to looking after our security. That’s a right that any Apple user is entitled to, even if we take it for granted sometimes. There’s a balance to be found, and maybe Apple just isn’t hitting the high notes it has done in the past. One cock-up can be forgiven, a second can possibly too, but a third? That really would signal that something isn’t quite up to standard.
But, this story is not a way of scaremongering you, but merely highlighting that Apple has had an indifferent record since macos High Sierra was introduced. Our advice is to always keep your devices updated with the latest versions (this is where Apple will automatically fix any problems) and follow the advice we’ve been writing in this magazine for years – use complex passwords, limit exposure to information on any lock screen, use features like two-factor authentication and keep location and web browsing data private.
Apple can – and will – do better; just make sure you do everything you can to put yourself in the best possible position when it comes to your own security and privacy.
Face ID on iphone X introduces a revolutionary new way to securely unlock, authenticate and pay – and with it a huge amount of new security provisions
macos High Sierra has seen two security breaches in as many months, much to the embarrassment of Apple’s development team