Apple Leaves Users Vulnerable By Not Fixing iOS and OS X Security Issues Simultaneously - MacRumors
Skip to Content

Apple Leaves Users Vulnerable By Not Fixing iOS and OS X Security Issues Simultaneously

by

Notable computer security researcher Kristin Paget, who worked on Apple's security team before leaving for Tesla in early 2014, has taken to her blog (via Ars Technica) to criticize Apple for fixing more than a dozen security flaws in iOS weeks after patching them in OS X.

mavericksios7
iOS 7.1.1, released yesterday, patched multiple WebKit vulnerabilities that were initially fixed in OS X with the release of Safari 7.0.3 on April 1. The delay between fixes, says Paget, alerted hackers to serious flaws potentially exploitable on Apple's mobile operating system and then gave hackers ample time to exploit the vulnerabilities.

Is this how you do business? Drop a patch for one product that quite literally lists out, in order, the security vulnerabilities in your platform, and then fail to patch those weaknesses on your other range of products for weeks afterwards? You really don't see anything wrong with this?

Someone tell me I'm not crazy here. Apple preaches the virtues of having the same kernel (and a bunch of other operating system goop) shared between two platforms – but then only patches those platforms one at a time, leaving the entire userbase of the other platform exposed to known security vulnerabilities for weeks at a time?

Addressing Apple, Paget goes on to write that Apple needs to sit in front of a chalkboard and write out "I will not use iOS to drop 0day on OSX, nor use OSX to drop 0day on iOS."

In addition to the WebKit vulnerabilities that were patched out of sync, Apple also recently exposed a major OS X flaw when patching the same flaw in iOS. Back in February, with the release of iOS 7.0.6, a major SSL connection verification vulnerability came to light. Known as the "goto fail" bug, it left iOS and OS X users vulnerable to man-in-the-middle attacks where hackers could pose as a trusted website to intercept communications or acquire sensitive information.

Apple launched iOS 7.0.6 on a Friday, fixing the vulnerability on iOS but leaving OS X users vulnerable to attack until the following Tuesday, when it released OS X 10.9.2 to patch the security flaw.

Popular Stories

Apple Card iPhone 16 Pro Feature

Apple Card Promo to Offer Free AirPods Pro 3

Friday May 15, 2026 8:59 am PDT by
Starting as early as next week, customers who sign up for an Apple Card at Apple's retail stores in the U.S. will receive $249 cash back when they purchase AirPods Pro 3, according to Bloomberg's Mark Gurman. The promotion has yet to be officially announced by Apple, so exact terms and conditions are not available at this time. AirPods Pro 3 are priced at $249 in the U.S., so customers who...
Read Full Article46 comments
Apple WWDC25 iOS 26 CarPlay Light mode 250609

Six Popular iPhone Apps Now Available on CarPlay

Thursday May 14, 2026 9:10 am PDT by
Apple's CarPlay system for accessing iPhone apps on a vehicle's dashboard screen has received six popular apps in recent weeks: ChatGPT, Perplexity, Grok, Google Meet, WhatsApp, and the indie artist streaming platform Audiomack. Make sure you have the latest version of each app and they will automatically appear on CarPlay. ChatGPT Starting with iOS 26.4, CarPlay supports voice-based...
Read Full Article29 comments
ipad mini 7 blue

OLED iPad Mini: Release Date, Pricing, and What to Expect

Thursday May 14, 2026 5:08 am PDT by
According to the latest rumors, Apple is close to launching its next-generation iPad mini. So what should we expect from the successor to the iPad mini 7 that Apple released over a year ago? Read on to find out. Processor and Performance Apple is working on a next-generation version of the iPad mini (codename J510/J511) that features the A19 Pro chip, according to information found in code...
Read Full Article87 comments

Top Rated Comments

arn Avatar
arn
158 months ago
I would rather them push out updates as soon as they are ready. Not wait for the other OS to catchup.

You have a critical security bug on your iPhone.

Option 1: Apple tells the world about the security bug, and how to exploit it, but doesn't fix it for 1-3 weeks.

Option 2: Apple tells the world about the security bug at the moment they fix it.

Which would you prefer? Right now Apple's doing option #1.

arn
Score: 29 Votes (Like | Disagree)
arn Avatar
arn
158 months ago
No company is perfect, and honestly, they're all pretty much the same.
I don't think you read the article.

Did iOS 7.1.1 and the recent Lion/ML/Mavericks Security Updates fix the same security issues? They both dropped yesterday, so maybe they've learnt their lesson.
I don't think you read the article.

arn
Score: 25 Votes (Like | Disagree)
I
iMerik
158 months ago
I would rather them push out updates as soon as they are ready. Not wait for the other OS to catch up.
But not if the one patch alerts baddies to the same unpatched vulnerability on the other platform, creating a 0day for your other platform.
Score: 16 Votes (Like | Disagree)
mdridwan47 Avatar
mdridwan47
158 months ago
Dammit Apple!

Score: 15 Votes (Like | Disagree)
christarp Avatar
christarp
158 months ago
Apple should also start building cars that explode on impact. Oh wait...

What a terrible attempt at trolling.
Score: 12 Votes (Like | Disagree)
R
Razeus
158 months ago
I'm still of the belief that Apple simply doesn't have enough software people to do all the things they need to do. Hence why it takes them so long to fix stuff. Well, at least not in a way that will affect their margins.
Score: 10 Votes (Like | Disagree)
Read All Comments