Apple tight lipped about latest security patch

Every week that passes brings with it a major Cyber Security story in the media.

Now, Naked Security is reporting that Apple tight lipped about latest security patch, after releasing its latest security patch.

Getting the word out is important, while it seems to have little effect on the prevalence of data breaches, it does however help unsuspecting users to get information on how to survive such incidents.

It’s just under a month since iOS 16.1.1 came out for Apple iPhone users, fixing a pair of bugs that were listed with the worrying words “a remote user may be able to cause unexpected app termination or arbitrary code execution”.

Both macOS 13 Ventura and iPadOS got updated at the same time, with a pair of security bulletins published on Apple’s web site.

Now, there’s another security update, apparently moving iPhone users only up to version iOS 16.1.2.

Naked Security have installed it, and after a comparatively modest download (by Apple standards, at least) of about 250MBytes, the reboot-and-update process completed reassuringly quickly, and the phone still seems to be working just fine.

But this update is mysterious even by Apple’s usually tight-lipped standards, with the company living up to, and perhaps even beyond, its official statement that the it “doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available.”

Apple insists that this veil of secrecy exists “[f]or the protection of our customers”, and if silence really is golden when it comes to cybersecurity updates, then we can only assume there’s an awfully serious bug getting fixed this time round.

Indeed, the community has not yet received an Apple Security Advisory email, which is the usual way everyone hears about the latest patches, and Apple’s official security update portal HT201222 says nothing more than this:

As a matter of fact, I am beginning to believe that more reporting is having the contrary effect.

It has normalized Cyber Security incidents, and has made us helpless and lacking action.

If big businesses and even countries are not safe, how can individual defend against this threat.

Imagine if we were this lax towards physical bank notes or even organizational assets.

In my view one of the reasons why IT Security is facing this challenge, is due to company’s operational attitude towards Cyber Security. We say we are serious but we don’t act it.

Due to recent events, I do think things are changing and we are heading towards a zero-tolerance and zero-comprise.

It is doable, it is not costly and it should be part of the enterprise architecture and DNA from day one. While I think Apple is doing the right thing and Apple tight lipped about latest security patch is the right way to go, sharing information with the industry may also help others to participate and understand the seriousness of the issue.

I am a Cyber Security professional and a tech enthusiast, and like to write about Science, Technology and Cybersecurity. If you like stories on Cyber Security please feel free to click here.

To check the original story Click here