Author Topic: Apple Leaves Users Vulnerable By Not Fixing iOS and OS X Security Issues Simultaneously  (Read 376 times)
HCK
« on: April 26, 2014, 02:00:10 pm »

Apple Leaves Users Vulnerable By Not Fixing iOS and OS X Security Issues Simultaneously

Notable computer security researcher Kristin Paget, who worked on Apple's security team before leaving for Tesla in early 2014, has taken to her blog (via Ars Technica) to criticize Apple for fixing more than a dozen security flaws in iOS weeks after patching them in OS X.
 
 iOS 7.1.1, released yesterday, patched multiple WebKit vulnerabilities that were initially fixed in OS X with the release of Safari 7.0.3 on April 1. The delay between fixes, says Paget, alerted hackers to serious flaws potentially exploitable on Apple's mobile operating system and then gave hackers ample time to exploit the vulnerabilities.
"Is this how you do business? Drop a patch for one product that quite literally lists out, in order, the security vulnerabilities in your platform, and then fail to patch those weaknesses on your other range of products for weeks afterwards? You really don't see anything wrong with this?

"Someone tell me I'm not crazy here. Apple preaches the virtues of having the same kernel (and a bunch of other operating system goop) shared between two platforms – but then only patches those platforms one at a time, leaving the entire userbase of the other platform exposed to known security vulnerabilities for weeks at a time?"
Addressing Apple, Paget goes on to write that Apple needs to sit in front of a chalkboard and write out "I will not use iOS to drop 0day on OSX, nor use OSX to drop 0day on iOS."
 
 In addition to the WebKit vulnerabilities that were patched out of sync, Apple also recently exposed a major OS X flaw when patching the same flaw in iOS. Back in February, with the release of iOS 7.0.6, a major SSL connection verification vulnerability came to light. Known as the "goto fail" bug, it left iOS and OS X users vulnerable to man-in-the-middle attacks where hackers could pose as a trusted website to intercept communications or acquire sensitive information.
 
 Apple launched iOS 7.0.6 on a Friday, fixing the vulnerability on iOS but leaving OS X users vulnerable to attack until the following Tuesday, when it released OS X 10.9.2 to patch the security flaw.
 
 

Source: Apple Leaves Users Vulnerable By Not Fixing iOS and OS X Security Issues Simultaneously