[Don't ignore it] The fear of ``vulnerabilities'' seen in iPhones from a while ago [Don't do it]

I'm Yamada from the Systems Department.
Recently, a ton of Linux-related vulnerabilities have been announced, and
the server team I'm a part of has been extremely busy.
Apache, MySQL, glibc, opennssl...
Today, I'll be talking about vulnerabilities that may not seem relevant to you, but are actually very relevant. This
is a must-read for anyone who frequently uses smartphones or computers.

What is vulnerability???

Vulnerability. It's a rather difficult word.
Saying "vulnerability in ____" sounds technical and difficult, but it
basically refers to a security "flaw" in the software that runs a computer.

So, whether it's your smartphone or PC, or
even the smart home appliances that are all the rage these days,
any complex electronic device contains some kind of "software."

Since this "software" is basically created by humans,
it is natural that unexpected "defects" such as bugs and design errors can exist.

provide fixes
when they become aware of flaws You often see notifications for "Windows updates" or "iOS updates," and
if you look inside, they say something like "Addressing vulnerabilities related to XXX."

Something like this

However, I think that many people ignore this notification because they find it "troublesome" or "don't understand it well."
That's not okay.

Fragile Folktales

This happened just a few years ago, when the iPhone 4 was just released, but
the operating system that ran the iPhone 4, iOS 4.3.3, had an extremely dangerous vulnerability.

Basically, the iPhone strictly limits the parts that we, the average user, can operate,
ensuring security to prevent anything strange from entering.

However, it is also true that a technique known as "jailbreaking" has existed for the iPhone for a long time,
which allows users to remove the restrictions placed on the device and
gain access to important system settings and files that they would not normally be able to access.

This "jailbreak" basically requires connecting the iPhone to another computer and
modifying the iPhone from the computer, but
"iOS 4.3.3" is easier to "jailbreak" than any other device to date.

has a flaw that allows a special program to be executed
when opening a PDF, a common type of electronic document file, that . By exploiting this flaw, a jailbreak can be achieved simply by viewing a PDF file from a website.
It only takes a few seconds.

Some people even took advantage of this to jailbreak unlocked iPhones and
remotely control them as they pleased. There was
also a real risk that this flaw could be exploited to inject viruses into the user's device while browsing websites.
Anyone who owned an iPhone at the time could easily have their smartphone taken over by simply visiting a slightly suspicious website. It's frightening.

This "flaw" was quickly addressed by Apple, who distributed a corrected version of the software, but
ignoring such issues will leave you exposed to risk indefinitely.

Furthermore, this is not an old story at all;
just a few months ago, there were reports that a jailbreak method very similar to this one was being used on iOS 9.3.2.
This was back in 2016.

What to do about vulnerability?

So what should you do?
Basically, you should never ignore update notifications, whether it's Windows, iPhone, Android, Java, or iTunes.
Even if it's a hassle, make sure you read the contents carefully, investigate, and respond appropriately.
If something serious happens, you'll be held responsible.

However, you need to be careful as there are also fraudulent viruses that disguise themselves as security notifications

Be careful of this. It's a scam!

By the way, the reason I chose this story today is that
the other day when I went to check on a friend's PC for maintenance, I
noticed that he had completely ignored the "Java Update" notification, so I decided to use this as a topic to warn him.

It's been getting colder lately, so please be careful not to damage your body or your PC!

If you are concerned about security on your server, please contact us here.