[Don't ignore it] The fear of ``vulnerabilities'' seen in iPhones from a while ago [Don't do it]
table of contents
This is Yamada from the Systems Department.
Lately, a lot of Linux-related vulnerabilities have been announced, and
the server team I belong to has been very busy.
Apache, MySQL, glibc, opennssl...
This time we'll be talking about vulnerabilities that may not seem to concern you, but are actually very relevant.
A must-see for people who often use smartphones and computers.
What is vulnerability? ? ?
Vulnerability. That's a difficult word.
"Vulnerabilities in ____" give the impression of being technical and difficult, but
in essence, they refer to security "flaws" in the software that runs computers.
So, whether you're using a smartphone or a PC,
all complex electronic devices, including the recently popular smart home appliances,
contain some kind of "software."
Since "software" is basically created by humans, it
is naturally possible for it to have unexpected "defects" such as bugs and design mistakes.
That's why when manufacturers notice this "defect" they
provide "software" to fix it.
I often get notifications about ``Windows updates'' or ``iOS updates,'' and
when I look inside, it says something like ``Addressing vulnerabilities related to XXX.''
Something like this
However, I think a lot of people ignore this notification because they think it's a pain or they don't understand it.
That's no good.
fragile old story
This was just a few years ago, when the iPhone 4 was released, and
the OS running the iPhone 4, iOS 4.3.3, had an extremely dangerous vulnerability.
Basically, the parts of the iPhone that can be operated by general users are severely restricted
to ensure security and prevent strange things from getting into the iPhone.
However, it is true that iPhones have long had a practice known as "jailbreaking," and
by removing restrictions placed on general users,
there is a way to access important system settings and files that would normally not be touched. .
requires a process such as
connecting the iPhone to another computer and this "iOS 4.3.3" is more "jailbreaking" than any other terminal so far. was easy.
Surprisingly
, ``iOS 4.3.3'' has a flaw that allows a program that would normally not be executed due to security to be executed when opening a ``PDF'', which is a familiar electronic document file. You can "jailbreak" just by viewing the "PDF" from . That time was only a few tens of seconds.
advantage of this to "jailbreak" unlocked iPhones and
remotely control them at will.
There was also a high risk that this "flaw" could be exploited to send a virus while browsing a website.
If you had an iPhone at the time, you could easily have your smartphone hijacked just by visiting a slightly suspicious website. It's scary.
This "flaw" was quickly addressed by Apple by distributing a fixed version of the software, but
ignoring something like this will leave you at risk forever.
Moreover, this is no old story;
just a few months ago, there was talk that a jailbreak method similar to this one would be used in iOS 9.3.2.
This is a story from 2016.
What do you do about being vulnerable? ?
So what should you do?
Basically, you shouldn't ignore update notifications, whether it's Windows, iPhone, Android, JAVA, or iTunes.
Please read the contents carefully, research them, and respond appropriately, even if it is troublesome.
If anything goes wrong, you will be responsible for it.
However, there are also fraudulent viruses that pretend to be security notifications, so you should be careful.
Be careful about this. It's a scam!
By the way, why I chose this story this
time is because the other day I went to check on an acquaintance's PC for maintenance, and she
kept ignoring the "Java Update" notifications, so I thought I'd write this as a reminder. I did.
Now that it's getting colder, please be careful not to damage your body or your PC!
If you are concerned about server security, please click here.