Buffalo, N.Y. (WBEN) - Apple has released a security update for their IOS system after the discovery of two day-zero vulnerabilities.
University of Buffalo's Clinical Assistant Professor of Management Science and Systems Kevin Cleary says the update isn't because of a data breach.
"What has happened is Apple, through various means, has probably determined 'there's a weakness in our code somewhere. There's a spot where we screwed up. There's something we didn't realize was going on, and now we need to kind of go back and fix that.' This process is very common across pretty much any piece of software that's out there. Microsoft, Apple, any of the big software makers, have this iterative process where, when they realize there's something wrong with the software, they need to kind of release these incremental fixes to then go out and fix whatever the issue is," stated Cleary in an interview with WBEN.
Cleary says Apple may have received intelligence of bad actors exploiting the vulnerabilities, which is why it's important to install the update as soon as possible.
"What this specific update is meant to fix is how the built in Safari web browsers, or other types of browsers on an iOS device, will will parse certain pieces of web code that comes down," stated Cleary. "So what that tells me is, you know, Apple probably is seeing this being used in the wild right now, and so they have to move quick to get as many people as possible to fix it before somebody potentially could fall victim to this and have their device compromised. We're always going to be in this ecosystem where we discover these goofy little things that happen and we need to fix them."
Cleary explains that in a perfect world, security flaws in software wouldn't exists, or would be caught before being released to the public. However, unfortunately, that's not the case here, and it should be expected to happen again in the future.
"I do think it's appropriate that we challenge software vendors to have good, secure code. But at the end of the day, writing a 100% secure piece of software is impossible. This is just the ecosystem. We kind of have to accept that when these little updates come out, we need to move quickly to be able to install those," stated Cleary.