On Wednesday, Apple announced a long list of security changes which had been included in the newest operating system update. Unfortunately, they had once again neglected to mention just how serious these security bugs could have been to their users.

While Apple gave credit to many independent security experts, it continued to not establish the difference in bugs based on their severity and buried the fix to a colossal vulnerability.

The most noteworthy fix of the Apple knowledge base list (over 53 vulnerabilities long) was concealed at the bottom of the list kept apart from the other vulnerabilities as a “note” that read, “iOS 8 contains changes to some diagnostic capabilities.”

The aforementioned note linked to an alternative new knowledge base article, which describes updates to the diagnostic tools in iOS 8. In the past, the tools had enabled people with unauthorised access to iOS’s encryption keys to connect wirelessly to the iPad or iPhone and withdraw sensitive information e.g. pictures and text messages regardless of whether the device has been unlocked.

The backdoor was announced at the Hope-X conference during July by independent security and forensics expert Jonathan Zdziarski, who has dedicated a lot of his research to iOS. The vulnerability in question affected approximately 600 million iOS devices and could be taken advantage of by anyone, from teenagers to parents to government agencies, who put together a computer with the target iOS device until that particular device had been completely scrubbed.

During this time, Apple had gone against the suggestion that the diagnostic tools were a backdoor produced with “any government agency.” There was also a lot of controversy in regards to debates that were had amongst security experts as to whether the flaw even came to the appropriate definition of a “backdoor.” However, in the latest update Apple took measures to ensure the diagnostic tools would not have the same level of persistent remote access.

Please follow and like us: