03 November, 2009

Android vs iPhone OS patching

I just finished reading the changelog for iPhone OS 3.0 on the Apple support-pages, and after reading the Google Android changelog from my recent Magic-update, Apple does not impress me that much anymore.

iPhone OS 3.0 (released June '09) had 38(!) vulnerabilities, many of them quite critical, whilst Android had a grand total of 2 vulnerabilities (critical announced ones that I can find online), which were even spread across 2 update intervals 3 months apart...

One of the vulnerabilities in Android involved applications having CAMERA privileges without the user explicitly allowing it, and the other one involved maliciously crafted SMS messages that could reboot the device.

Most of the 38 counted vulnerabilities on the iPhone were critical, involving post-actions ranging from a device reset to arbitrary code execution. What made me react was where in the system the bugs resided, which was just about everywhere!

The following subsystems on iPhone OS 3.0 had vulnerabilities announced in the changelog: CoreGraphics, WebKit, ImageIO, IC for Unicode, IPSec, libxml, Mail, MPEG-4 Codec, Profile, Safari, Telephony, Exchange.

I'm really, REALLY glad I chose a device running an independently developed open platform :) instead of a closed-source license-hog of a proprietary mobile overkill-system :P

