Apple’s decision to keep OS X and iOS as close to each other as possible when it comes to the underlying technology that powers them both has been beneficial to the firm in the past. Unfortunately that also means that some security holes found in one are likely to also be evident in the other, meaning both will require patching. Conventional wisdom says that if you have two platforms with the same security problem, you patch them both at the same time, but it seems nobody told the folks at Apple, leaving one security researcher to lay into the company over the matter.
Former Apple employee Kristin Paget, who worked in Cupertino as part of the Mac and iPhone maker’s security team, took to her blog in order to take Apple to task over what appears to be quite the security faux pas after it finally patched a collection of security holes in iOS, weeks after fixing the same problems in OS X.
Yesterday’s release of iOS 7.1.1 included a handful of security patches, with those patches having already been added to OS X as part of an update a few weeks ago. Apple’s plugging of the Mac-based holes basically outed the same problems in iOS in the process, leaving those carrying iPhones and iPads wide open to attack, and leaving Paget less than amused.
Is this how you do business? Drop a patch for one product that quite literally lists out, in order, the security vulnerabilities in your platform, and then fail to patch those weaknesses on your other range of products for weeks afterwards? You really don’t see anything wrong with this?
This isn’t the first time Apple has patched iOS and OS X out of sync. The infamous ‘goto fail’ SSL flaw that caused such a stir not long ago prompted the iOS 7.0.6 update, with that landing on a Friday. The Mac’s OS X 10.9.2 update – aimed at correcting the same mistake – didn’t arrive until the following Tuesday, leaving Mac users high and dry until then.
While it’s true that Apple does have limited resources on its software teams, we doubt that the OS X and iOS teams are one and the same. Apple will no doubt think that it has a good reason for the out-of-sync security updates, but we’re not sure everyone will agree with it.
(Source: Kristin Paget’s Blog)
You may also like to check out: