Ex-Apple Employee Rips Apple Over Its Security
Frequent readers of this blog will recall that I’ve written about Kristin Paget in the past. She was hired by Apple from Microsoft to beef up their security. She’s since left Apple to go to work for Tesla Motors, but not before firing a shot at Apple about how it handles security. Specifically, Apple tends to fix problems in one of its operating systems, but not both at the same time, thus leaving users exposed to issues. Plus, because Apple does document what it fixed, hackers can then attack the unpatched OS. Here’s what she had to say on her blog. Warning, there’s a four-letter word in the quote:
Seriously, Apple – what the fuck?
Is this how you do business? Drop a patch for one product that quite literally lists out, in order, the security vulnerabilities in your platform, and then fail to patch those weaknesses on your other range of products for *weeks* afterwards? You really don’t see anything wrong with this?
Someone tell me I’m not crazy here. Apple preaches the virtues of having the same kernel (and a bunch of other operating system goop) shared between two platforms – but then only patches those platforms one at a time, leaving the entire userbase of the other platform exposed to known security vulnerabilities for weeks at a time?
In what world is this acceptable?
She has a point. Back in February, Apple fixed a major SSL bug in iOS, but it took two weeks to implement the same fix in OS X. Meanwhile, anyone could have been exploiting the bug. That’s a #fail in my books. I’ve been very critical in the past about Apple’s nonchalant attitude towards security. Perhaps it’s time that Tim Cook and company step up to the plate and do something about that.
This entry was posted on April 23, 2014 at 10:58 pm and is filed under Commentary with tags Apple, Security.