Apple slammed for buggy iOS 7.1 release that left users vulnerable to major hacks for weeks

Apple iOS 7.1.1 Bug Fixes

We know that Apple released iOS 7.1.1 earlier this week to fix a wide range of bugs and it turns out those bugs might be much more serious than we realized. Ars Technica reports that Kristin Paget, a former Apple whitehat hacker who now works for Tesla, has been ripping into her former employer for allegedly leaving its users wide open to some potentially serious hacks in the weeks between the releases of iOS 7.1 and iOS 7.1.1.

Per Ars, Paget found that some of the vulnerabilities “gave attackers the ability to surreptitiously execute malicious code on iPhones and iPads without requiring much or any interaction from end users.” To make things even worse, Paget said that Apple patched the same vulnerabilities in OS X weeks earlier but for some reason waited weeks after the patch before releasing the same fixes to iOS users.

Is this how you do business?” Paget asked in a blog post this week. “Drop a patch for one product that quite literally lists out, in order, the security vulnerabilities in your platform, and then fail to patch those weaknesses on your other range of products for *weeks* afterwards? You really don’t see anything wrong with this?”

Apple first hired Paget back in 2012 to help beef up security for OS X and iOS. Before that, she had a long tenure at Microsoft where she won acclaim for her role in taking a lot of bugs out of Windows Vista. Paget left Apple earlier this year for a job at Tesla.

blog comments powered by Disqus