Spitballing IoT Security

Ronald F. Guilmette rfg at tristatelogic.com
Fri Oct 28 00:17:09 UTC 2016


In message <20161027204258.CD18057D529E at rock.dv.isc.org>, 
Mark Andrews <marka at isc.org> wrote:

>> The problem is, as I have said, this device is now the Apple equivalent
>> of Windows XP.  There could be a horrendous collection of a dozen or
>> more known critical security bugs in the thing by now, but as someone
>> noted, the last update Apple issued for the thing was in Feb 2014.
>
>But is there?  Can you list a single security bug in iOS 6.1.6 that
>would require a iOS 6.1.7?

An entirely reasonable and logical question, Mark.

I'll admit, it took me a bit of digging, but the answer would appear to
be "yes":

    https://threatpost.com/apple-fixes-cookie-access-vulnerability-in-safari-on-billions-of-devices/112246/

Note that I have the latest and greatest IOS 6.1.6 on my 3GS.

The Safari HTTP User-Agent string is apparently as follows:

    Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_6 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B500 Safari/8536.25

So, Q.E.D. ?


Regards,
rfg



More information about the NANOG mailing list