I did not say not to fix it. I am saying do not publish the flaws until iOS is repaired.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Leaves Users Vulnerable By Not Fixing iOS and OS X Security Issues Simultaneously
- Thread starter MacRumors
- Start date
- Sort by reaction score
I did not say not to fix it. I am saying do not publish the flaws until iOS is repaired.
You know they also say that you had to add the ip address of an attack server to your computer host file before that stolen server certificate would compromise your browsing security.
I think she is over reacting here.
I think she is over reacting here.
- Safari and Webkit should be updatable without updating the rest of the system. Browsers continue to be the most exploitable area on all platforms.
- Paget is not doing herself a favor, especially since she was either laid off or resigned from Apple. Generalizing her tone and set up a goal on how to approach this better for any company would've been better. If it was me hiring security researchers, Paget would be off my list instantly based on this post alone, regardless of how Apple is screwing up here.
- Apple needs to expand their resources. It's not funny anymore of how slow they are at fixing things. I don't care if Apple wants to run things like a bunch of startups. Even a successful startup generally knows how to scale properly to fit their installed base. There are at least 500 million iOS devices and 70 million of OS X users, Apple needs to stop acting as a startup and start growing up. Fix your issues, Apple!
QA takes time. There are a lot more combinations of things to test on Mac OS X than iOS.
I'd rather they follow their current practice of releasing when ready.
I'd rather they follow their current practice of releasing when ready.
This has nothing to do with QA. It is common sense that you do not disclose your security vulnerabilities until you fix it on all of your platforms.
That's all Paget is saying and she is right, Apple did screw up here.
Apple can fix their problems when ready but they should not disclose the security fixes until all of the platforms are updated first.
Oh come on Arn, by bashing Apple and your website's readers you are spitting in the plate from which you eat and biting the hand that feeds you at the same time.
And btw Macrumors has had it's fair deal of security issues with recent hacks and stolen passwords so don't act like you know it all.
Actually, with all due respect it's you who are missing the point. The point is that Apple SHOULD indeed hold off one releasing a set of security patches for one platform until the fixes for the other platform are ready. They need to be released simultaneously, even if that means holding one up. The exception would be if the security hole is already well known and publicized by a third party. But in most cases, the holes are not known until Apple issues the fixes.
Wow - don't you dare bring tesla into this you.. You apple apologist!
There I said it! Whew!
What's the difference between what he said and what you said???
If you are hired by another company, then you resign from your current employer. That's how it works.Yea, because brilliant engineers who can also "fit in" with the Apple culture totally just grows on trees and its all simply a matter of money
...
Pretty sure Apple's already thought of that. You know they are building a new campus, right? They can't even contain all the engineers they have right now.
I think it's way better to close the bugs as soon as they are fixed and not wait for all patches getting ready.
No. I work for a large software company that takes product security very seriously, and what she says is SOP here. As it should be at Apple.
Can you prove that?
----------
The point isn't the vulnerability itself. It's the approach. It's really not that complicated...
They need to separate updating the operating system and updating apps like safari, messages etc. This way updates can be shown the updates area of the app store and if users have it turned on will just get the app updated without notice.
Its a bit silly to update safari on my iphone they must release a major system update.
Its a bit silly to update safari on my iphone they must release a major system update.
you neednt to worry from this time call our toll free number our expertise technical team finds the certified & proved solution please call toll free @1-877-770-7726
This joke....yes? Sometime is hard tell from actual spam.
Pliss having nice day.
Johnsmith
You can look any of these vulnerabilities up by the CVE ID. Many of them have been around for a while.
If Google fixes a security bug in Chrome, then it might tip off the bad guys that other webkit browsers have the same problem. Nobody complains when those browsers aren't all updated at the same time.
I realize that the way Apple is doing this isn't ideal, but it's probably not a big deal. Most of these vulnerabilities were probably already known by hackers anyway.
What am I missing?
I was also facing the same security iisues in my Osx but i contacted Apple But didnt get any solution but then suddenly i got Technical Security Experts number from my friend who works for CIA & Microsoft.
That guy helped me to resolve my issue without so much cost and he also gave me the Customer id .with that customer id i can login and see what they charged and how much and for what and how they help our USA peoples.
Their Toll Free number is +1-877-770-7726 and if you pass this message to your friends you will get 20% extra benifits from that guy.
love you Daniel froster.
That's really great to know, thanks! Now, if I were to wire you just $10,000 to cover your expenses, could I help you smuggle $100M out of your country for a fat 10% expediting fee?
Nutcases
Exactly. You're absolutely right. Despite what that nutcase blogger says and all these people who know absolutely nothing about coding say, you're right. It takes time. Believe it or not people, time exists. Sure, the kernels may be the same, but that doesn't mean the coding is EXACTLY the same. That's why there're different teams, because there is different coding. I know a lot about coding and so I know what I'm talking about when I say this. OS X and iOS may look similar and work similar, but they are different. How? Well, for one, Safari for Mac is coded for a keyboard and mouse, among other things. I'm glad there is at least person, the person I quoted, who knows this. Why don't all you other people, and take your bloggers with you (I despise them too), go on and bash someone who actually doesn't care about customers. At least Apple is trying. I want to see every one of you code TWO OS's and see how that works for ya, I bet 99.9 percent of you can't. I can though, and I know how difficult it is. I bet that stinking blogger can't either. Why don't y'all go bash samsung or google? They don't even release security updates... They don't care! No one ever says anything about them, they use a flawed OS that has thousands of malware and ships your data off to every single server it pleases!THATS A SECURITY ISSUE! So take your freaking blinders off and go bash them instead. I really wish apple would just stop selling I'm the US for a month, and just stop letting the US use iOS and Mac OS X for a month and then we'll see how people react when they find out they can't do squat without it. You people need to get a life and see the good. Apple's trying to be a good force and they get hammered with every little mistake. Samsungs a joke and of course, they don't get spoken about at all. I'm sick of all you, personally. Get a life. Except for you, person I quoted.
Exactly. You're absolutely right. Despite what that nutcase blogger says and all these people who know absolutely nothing about coding say, you're right. It takes time. Believe it or not people, time exists. Sure, the kernels may be the same, but that doesn't mean the coding is EXACTLY the same. That's why there're different teams, because there is different coding. I know a lot about coding and so I know what I'm talking about when I say this. OS X and iOS may look similar and work similar, but they are different. How? Well, for one, Safari for Mac is coded for a keyboard and mouse, among other things. I'm glad there is at least person, the person I quoted, who knows this. Why don't all you other people, and take your bloggers with you (I despise them too), go on and bash someone who actually doesn't care about customers. At least Apple is trying. I want to see every one of you code TWO OS's and see how that works for ya, I bet 99.9 percent of you can't. I can though, and I know how difficult it is. I bet that stinking blogger can't either. Why don't y'all go bash samsung or google? They don't even release security updates... They don't care! No one ever says anything about them, they use a flawed OS that has thousands of malware and ships your data off to every single server it pleases!THATS A SECURITY ISSUE! So take your freaking blinders off and go bash them instead. I really wish apple would just stop selling I'm the US for a month, and just stop letting the US use iOS and Mac OS X for a month and then we'll see how people react when they find out they can't do squat without it. You people need to get a life and see the good. Apple's trying to be a good force and they get hammered with every little mistake. Samsungs a joke and of course, they don't get spoken about at all. I'm sick of all you, personally. Get a life. Except for you, person I quoted.
