Apple Leaves Users Vulnerable By Not Fixing iOS and OS X Security Issues Simultaneously
Notable computer security researcher Kristin Paget, who worked on Apple's security team before leaving for Tesla in early 2014, has taken to her blog (via Ars Technica) to criticize Apple for fixing more than a dozen security flaws in iOS weeks after patching them in OS X.
iOS 7.1.1, released yesterday, patched multiple WebKit vulnerabilities that were initially fixed in OS X with the release of Safari 7.0.3 on April 1. The delay between fixes, says Paget, alerted hackers to serious flaws potentially exploitable on Apple's mobile operating system and then gave hackers ample time to exploit the vulnerabilities.
Is this how you do business? Drop a patch for one product that quite literally lists out, in order, the security vulnerabilities in your platform, and then fail to patch those weaknesses on your other range of products for weeks afterwards? You really don't see anything wrong with this?
Someone tell me I'm not crazy here. Apple preaches the virtues of having the same kernel (and a bunch of other operating system goop) shared between two platforms – but then only patches those platforms one at a time, leaving the entire userbase of the other platform exposed to known security vulnerabilities for weeks at a time?
Addressing Apple, Paget goes on to write that Apple needs to sit in front of a chalkboard and write out "I will not use iOS to drop 0day on OSX, nor use OSX to drop 0day on iOS."
In addition to the WebKit vulnerabilities that were patched out of sync, Apple also recently exposed a major OS X flaw when patching the same flaw in iOS. Back in February, with the release of iOS 7.0.6, a major SSL connection verification vulnerability came to light. Known as the "goto fail" bug, it left iOS and OS X users vulnerable to man-in-the-middle attacks where hackers could pose as a trusted website to intercept communications or acquire sensitive information.
Apple launched iOS 7.0.6 on a Friday, fixing the vulnerability on iOS but leaving OS X users vulnerable to attack until the following Tuesday, when it released OS X 10.9.2 to patch the security flaw.
Popular Stories
Apple is preparing for Tim Cook to step down as CEO of the company "as soon as next year," according to the Financial Times.
The company's board of directors and senior executives "recently intensified preparations for Cook to hand over the reins," the report said.
While the report said that Apple is unlikely to name a new CEO before its next earnings report in late January, it went on to ...
Apple provided developers with the third beta of an upcoming iOS 26.2 update, and there are still new features that are being added with each beta that we get. We've rounded up all of the changes that Apple made in beta 3.
AirDrop
Apple added new AirDrop functionality, providing a way for two people to share files temporarily without having to add one another as contacts.
iOS 26.2...
Apple today released new firmware designed for the AirPods Pro 3, the AirPods 4, and the prior-generation AirPods Pro 2. The AirPods Pro 3 firmware is 8B25, while the AirPods Pro 2 and AirPods 4 firmware is 8B21, all up from the prior 8A358 firmware released in October.
There's no word on what's include in the updated firmware, but the AirPods Pro 2, AirPods 4 with ANC, and AirPods Pro 3...
We're officially in the month of Black Friday, which will take place on Friday, November 28 in 2025. As always, this will be the best time of the year to shop for great deals, including popular Apple products like AirPods, iPad, Apple Watch, and more. In this article, the majority of the discounts will be found on Amazon.
Note: MacRumors is an affiliate partner with some of these vendors. When ...
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps.
Starting this Wednesday, November 19, the feature will be available to residents of Illinois.
The announcement confirmed that the...
Apple today announced an expansion of AppleCare+ coverage in India, with new options for monthly and annual plans, and the addition of Theft and Loss for iPhone for the first time.
Options for monthly and annual AppleCare+ plans in India provide more choice and flexibility, allowing users to keep coverage for as long as they require. Apple's vice president of Worldwide iPhone Product...
Apple recently teamed up with Japanese fashion brand ISSEY MIYAKE to create the iPhone Pocket, a limited-edition knitted accessory designed to carry an iPhone.
iPhone Pocket is available to order on Apple's online store starting today, in the United States, France, China, Italy, Japan, Singapore, South Korea, and the United Kingdom. However, it is already completely sold out in the United...
Most of Apple's Macs are slated to get M5 chips across 2026, and there's a possibility we'll even see the first M6 chips toward the end of the year. Updates are planned for everything from the MacBook Air to the Mac Studio.
MacBook Air (Early 2026)
The MacBook Air will be one of the first Macs to get a 2026 refresh, with an update planned for the first few months of the year. The MacBook...
In his Power On newsletter today, Bloomberg's Mark Gurman reiterated that Tesla plans to add Apple CarPlay support to its vehicles "in the coming months."
This is easily the biggest news for the regular version of CarPlay in years, should Tesla actually follow through with offering the system in its vehicles.
As noted by Gurman, this would be a stunning reversal for Tesla and its CEO Elon ...
Starting with the upcoming tvOS 26.2 update, currently in beta, additional profiles created on the Apple TV no longer require their own Apple Account.
In the Settings app on the Apple TV, under Profiles and Accounts, anyone can create a new profile by simply entering a name and indicating whether the profile is for a kid. The profile will be associated with the primary user's Apple Account,...
