Seems that Safari has a flaw allowing the browser to become a zombie (usually has NSFW ads,) even behind a firewall, essentially.
Well, the desktop version was fixed, but the iPad and iPhone? Still vulnerable.
I’ll stress that merely having the security flaw isn’t being evil, but when fixing it, not fixing it on a platform that’s also affected (and was shown in the initial disclosure) is evil against the entire Internet, and against customers of the platform.
Especially given AT&T’s new 3G limits, that’s just lovely.
There’s not much to report here, other than security expert Marc Maiffret claiming that Apple appears to have a lax attitude towards security, and sticking with security through obscurity to avoid malware.
Sure, there’s not much malware for OS X now, but Apple’s lax attitude towards security (including leaving major Java vulnerabilities unpatched for six months) means that there’s not much security there if anyone does ever target OS X.
Like at Pwn2Own, where every year of the contest, Apple products got pwned – and from 2008 on, they were the first to fall.
Source: LA Times Blogs