It is spring and spring is the time when a young man or woman’s fancy turns to frowning and looking very serious about the poor state of security on Apple platforms.
According to Vice, “Apple Is Having a Really Bad Time With iPhone Security Bugs This Year.” (Tip o’ the antlers to @designheretic.)
Have you ever had a good time with iPhone security bugs? They’re real downers at parties.
Since the beginning of 2021, Apple has patched seven bugs that “may have been actively exploited,” according to Motherboards’s count of vulnerabilities mentioned in Apple disclosures.
Now, the fact that seven of them have been “actively exploited” does seem bad. It used to be that pundits would rend their garments and wear out their fainting couches over Apple security bugs and you’d say “Yeah, but were any of them exploited?” and they’d suddenly get really into shuffling their papers. Like so much into it you wondered what was on those papers.
What were those papers? Why did they have so many of them? We never found out.
It’s quite difficult to say whether iOS security is “getting worse,” as that depends on specifics which are very difficult to have full insight into.
Still, most of these exploits are used against high-profile targets and, sadly, dissident groups. If you’re not James Bond and not unlucky enough to be a minority in an authoritarian state (coming soon to a state near you!), you’re probably fine, which Vice gets around to mentioning in the last paragraph.
Even if the number of iOS bugs being exploited has gotten worse, there’s another advantage to being on an iPhone.
“Apple fixes security flaws in seven-year-old iPhone models with iOS 12.5.3.” (Another tip o’ the antlers to @designheretic.)
That update went to phones that were outside of the official window for support. Now, you can argue that that indicates the severity of the bug and that’s probably true, but Apple could also have told people still using the iPhone 5s to suck rocks and get a dang SE or something already. The Macalope would tell you to go find another mobile platform where you can get security updates seven years later while he waited but he would be waiting until the heat death of the universe so he’s not going to tell you to do that.
So, on the one hand we have a fair number of iOS security flaws and, worse, they’re getting exploited. Okay. Not great. On the other hand, it’s unlikely you’ll ever be targeted because bad actors pay a lot for these bugs and no one wants your toy poodle pictures, Ned, we can get them off Instagram. Why would we pay a million dollars? It makes no sense. On the third hand of this hideous tri-limbed Xenomorph of an argument, we have the fact that Apple updates phones for far longer than “the other guys”, even when it doesn’t provide updates for phones that are out of warranty.
Should you be somewhat aware of these issues and should you keep your iPhone updated when new bug fixes come out? Absolutely. Should you turn off Wi-Fi on your phone, pop out the SIM card and stomp it into a million pieces just to be on the safe side? No.
We talked about this, Ned.