Apple Leaves Users Vulnerable By Not Fixing iOS and OS X Security Issues Simultaneously
Notable computer security researcher Kristin Paget, who worked on Apple's security team before leaving for Tesla in early 2014, has taken to her blog (via Ars Technica) to criticize Apple for fixing more than a dozen security flaws in iOS weeks after patching them in OS X.

iOS 7.1.1, released yesterday, patched multiple WebKit vulnerabilities that were initially fixed in OS X with the release of Safari 7.0.3 on April 1. The delay between fixes, says Paget, alerted hackers to serious flaws potentially exploitable on Apple's mobile operating system and then gave hackers ample time to exploit the vulnerabilities.
Is this how you do business? Drop a patch for one product that quite literally lists out, in order, the security vulnerabilities in your platform, and then fail to patch those weaknesses on your other range of products for weeks afterwards? You really don't see anything wrong with this?
Someone tell me I'm not crazy here. Apple preaches the virtues of having the same kernel (and a bunch of other operating system goop) shared between two platforms – but then only patches those platforms one at a time, leaving the entire userbase of the other platform exposed to known security vulnerabilities for weeks at a time?
Addressing Apple, Paget goes on to write that Apple needs to sit in front of a chalkboard and write out "I will not use iOS to drop 0day on OSX, nor use OSX to drop 0day on iOS."
In addition to the WebKit vulnerabilities that were patched out of sync, Apple also recently exposed a major OS X flaw when patching the same flaw in iOS. Back in February, with the release of iOS 7.0.6, a major SSL connection verification vulnerability came to light. Known as the "goto fail" bug, it left iOS and OS X users vulnerable to man-in-the-middle attacks where hackers could pose as a trusted website to intercept communications or acquire sensitive information.
Apple launched iOS 7.0.6 on a Friday, fixing the vulnerability on iOS but leaving OS X users vulnerable to attack until the following Tuesday, when it released OS X 10.9.2 to patch the security flaw.
Popular Stories
iOS 16 will include new ways of interacting with the system and some "fresh Apple apps," Bloomberg's Mark Gurman has said, offering some more detail on what Apple has in store for the upcoming release of iOS and iPadOS set to be announced in a few weeks at WWDC. In the latest edition of his Power On newsletter, Gurman wrote that while iOS 16 is not likely to introduce a major face-lift to...
YouTuber Unbox Therapy has shared a hands-on look at the iPhone 14 Pro Max using what he claims is a one-to-one replica created by third-party case makers with access to detailed schematics and dimensions for Apple's new upcoming flagship smartphone.
As with the iPhone 13 Pro lineup, in 2022, we are expecting a 6.1-inch iPhone 14 Pro and a 6.7-inch iPhone 14 Pro Max, but this time the Pro...
Apple earlier this week announced the discontinuation of the iPod touch, and because it was the last iPod still available for purchase, its sunsetting effectively marks the end of the entire iPod lineup.
To send the iPod on its way, we thought it would be fun to take a look back at some of the most notable iPod releases over the last 21 years.
Original iPod (2001)
Introduced in October...
Apple today released macOS Monterey 12.4, the fourth major update to the macOS Monterey operating system that launched in October 2021. macOS Monterey 12.4 comes over two months after the launch of macOS Monterey 12.3, an update that added Universal Control.
The macOS Monterey 12.4 update can be downloaded on all eligible Macs using the Software Update section of System...
Apple today released iOS 15.5 and iPadOS 15.5, the fifth major updates to the iOS and iPadOS 15 operating systems that were initially released in September 2021. iOS and iPadOS 15.5 come a little over two months after the launch of iOS 15.4 and iPadOS 15.4.
The iOS 15.5 and iPadOS 15.5 updates can be downloaded for free and the software is available on all eligible devices over-the-air in...
Earlier this week, well-known Apple analyst Ming-Chi Kuo claimed that Apple plans to release at least one iPhone 15 model with a USB-C port in 2023. Now, in a follow-up tweet, he has claimed that accessories like AirPods, the MagSafe Battery Pack, and the Magic Keyboard/Mouse/Trackpad trio would also switch to USB-C in the "foreseeable future."
Both the iPhone and all of the aforementioned...
Apple today released tvOS 15.5, the fifth major update to the tvOS operating system that first launched in September 2021. tvOS 15.5 comes more than two months after the release of tvOS 15.4, an update that brought support for captive WiFi networks.
tvOS 15.5 can be downloaded over the air on the Apple TV through the Settings app by going to System > Software Update. Apple...
Top Rated Comments
You have a critical security bug on your iPhone.
Option 1: Apple tells the world about the security bug, and how to exploit it, but doesn't fix it for 1-3 weeks.
Option 2: Apple tells the world about the security bug at the moment they fix it.
Which would you prefer? Right now Apple's doing option #1.
arn
I don't think you read the article.
arn
What a terrible attempt at trolling.