Spitballing IoT Security
Ronald F. Guilmette
rfg at tristatelogic.com
Fri Oct 28 00:17:09 UTC 2016
In message <20161027204258.CD18057D529E at rock.dv.isc.org>,
Mark Andrews <marka at isc.org> wrote:
>> The problem is, as I have said, this device is now the Apple equivalent
>> of Windows XP. There could be a horrendous collection of a dozen or
>> more known critical security bugs in the thing by now, but as someone
>> noted, the last update Apple issued for the thing was in Feb 2014.
>
>But is there? Can you list a single security bug in iOS 6.1.6 that
>would require a iOS 6.1.7?
An entirely reasonable and logical question, Mark.
I'll admit, it took me a bit of digging, but the answer would appear to
be "yes":
https://threatpost.com/apple-fixes-cookie-access-vulnerability-in-safari-on-billions-of-devices/112246/
Note that I have the latest and greatest IOS 6.1.6 on my 3GS.
The Safari HTTP User-Agent string is apparently as follows:
Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_6 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B500 Safari/8536.25
So, Q.E.D. ?
Regards,
rfg
More information about the NANOG
mailing list