Ios 14.4

Anybody upgrade their iPhone to 12 with IOS 14.4.1 with a Dexcom G6? Does it work?

Hello and welcome! I am running 14.4 on an iPhone 8 and it runs fine. The G6 app seems to be a bit more of a battery hog, though.

Thanks for your reply. Did you have to reinstall the G6 App after upgrading the IOS to get it to work?

Thanks!!!

I upgraded to 14.4.1 on my iPhone XR and have not had any issues with the Dex app (didn’t touch it after the os update).

I’m running 14.4.1 on an iPhone SE 2020 without any issues.

I actually don’t remember!

No, it continued to work normally.

I’ve been sitting on 14.3 because Dexcom does not approve it. I’ve seen extensive reports of the “reinstall” issue, I don’t know if that is specific to the release or just a general issue with iThing upgrades.

I won’t be permitting my iPhone to upgrade so long as I am allowed to and so long as I haven’t seen at least 20 “it’s ok” comments (three so far). OR until Dexcom approve it.

My iPhone is my insulin management system. Why would I want to upgrade it when the manufacturer hasn’t approved the upgrade?

I’ve been using an iPhone 12 for about 4 and a half months, with no G6 problems in the Dexcom G6 app, t:Connect(Tandem), or SugarMate. I am running IOS 14.4.2 right now without trouble.SugarMate furnishes the Dexcom data to my Apple Watch properly, as expected.
I don’t know of any problems with IOS 14.

Dave

All iOS versions contain what seems to be a serious security issue for any app which has web support, details are still not available. Unfortunately Dexcom still have not verified behavior beyond 14.3.

The security fixes are why my strategy has always been to update early, but prepared to roll-back to the previous version if there’s an issue. I’d rather do that than wait for Dexcom to do their testing, under the assumption that any issue with the Dex app would be blatant, not subtle.

Apple says that 3 security issues were corrected with the release of IOS 14.4.2. Supposedly this corrects the vulnerability to “Zero Day”.
Of course, this has no immediate effect on Dexcom’s delay in approving IOS beyond 14.3.
Dave

It seems to be a general problem in their webkit code. It’s not clear if the same problem exists in the publicly available webkit; I haven’t seen anything coming down the pipe yet but I assume it is there too.

It affects a lot more than iPhones with iOS 14.x (x<4.2), for example. WRT that article MS and Google care because they both use WebCore; so I assume (no other evidence) that the issue is in WebCore.

The article I quoted contains more than enough information to tie down the point the problem was introduced; it is distressing that mitre are still hiding the details, but that is the way it has always been.

The article doesn’t point out that there are updates to earlier iOS versions (IRC iOS 1.13 and others).

I don’t know if Dexcom uses WebKit. It is quite likely; it’s the Harbor Freight of tools for the web.

El Reg hasn’t reported on this yet. I suspect that means that the secrecy is working; stopping credible news channels from getting meaningful information (leaving us to deduce what is going on from the links I have posted) is an essential marketing tool.

What I do know from what I have read is that it is a “memory corruption bug” which, apparently, permits introduction of control from a remote party (a code injection bug). Somewhere also stated that it was being “actively exploited” (quoted from monkey memory). The fact that El Reg is silent (they love to jump up and down on stupid bugs and chortle) and that the credible news media have not squeaked seems weird, but maybe it’s just a sign of the times.

FWIW a “zero day vulnerability” is one that is already know to crackers when it is announced; i.e. you have zero days to protect yourself.

Thank you. You have far more information about, and understanding of this security issue than I have. I’ll bow out of this conversation, and try to minimize web usage on my phone.

Dave

Limiting web usage seems a bit drastic, for instance Google just shut off 11 zero day vulnerabilities that one of our allies was using for a counter-terrorism operation. The vulnerabilities are out there regardless of platform, it is us just a game of whacking the moles as soon as they are found.

Some of those might be the same issue; this article suggests that there are three separate issues (not all zero-day?) in Blink, which is the Chrome version of WebCore, the part of WebKit used by Chrome and the new Microsoft browser. The CVE in the article is a different one to the currently undisclosed Apple one.

If you use Chrome go to Help/About Google Chrome today and it will update to the version with the fix (at least on W10 - on Gentoo I’m already 24 revisions on from that version). I don’t know how to update Chrome on an iPhone, or even check the current version, but there doesn’t seem to be an auto-update pending.

The issue seems to be that we have gone from a situation where crackers cherry picked vulnerabilities and really only targeted easy targets to one where pretty much every country on the planet employs crackers directly to target web sites, and users, that care about security.

In the old world, just a five or six years ago, it was very easy to recognize sites that were dubious (although quite a lot of people didn’t manage it) and avoiding those while being careful on other sites when left clicking the mouse offered pretty good security. In the new world the attacks may come from any site and may be incredibly difficult to see. It’s not enough not to work in the intelligence organizations; everyone is a potential target given that the computer systems backing these operations can easily index every person on the planet.