25 August 2016

My Twitter feed is in an uproar over some newly discovered spyware that targets iOS with three zero-days. People are saying things like “Patch your iPhone NOW!”, “everyone with an iPhone should probably stop working and update to iOS 9.3.5 right now”, “iOS 9.3.5 is now out. Update like you’ve never updated before”, and more. Yes, the flaws are serious. But for almost everyone, my advice is relax, don’t panic, and wait a day or two to make sure that the patch doesn’t have fatal flaws.

The flaws are indeed serious, but at least for the moment they’re in the hands of a small group of attackers, principally governments. If you think that some government is targeting you because you’re an investigative journalist, a human rights worker, an official of some other government who might have information of value, etc., then you should indeed update right away. Most of us aren’t in that category. We have passwords, credit cards, and bank accounts, but ordinary phishers and scam artists don’t have the attack tool yet and may never have it; the vulnerabilities alone are quite literally worth millions of dollars.

So: yes, you should update your iPhones, iPads, and the like. But it’s probably not a crisis. (Why yes, journalists and activists are disproportionately represented in my Twitter feed. So are security people, who take things like this very personally…) Update soon, but for the average user it’s probably not an emergency.