dm on Nostr: What’s the rationale behind iOS requiring the screen lock password before allowing ...
What’s the rationale behind iOS requiring the screen lock password before allowing you to install an OS update?
The only thing I can think of is that an attacker with temporary access to an unlocked device can join it to a malicious network and serve a legit (signed) update image that happens to contain a vulnerability? Like a “Bring Your Own Vulnerable Driver”-style attack? But assuming iOS updates are monotonic (i.e. no downgrades), wouldn’t a user always be advised to install a signed update?
Or is the answer something more trivial, like, “because a UX designer proposed it”?