Kristin Paget, who once worked on the Apple iPhone security team in Cupertino, questioned Apple on her blog for a decision it made relating to recently discovered security issues on OS X and iOS. Usually, two separate products from the same company, with the same security issue, are fixed at the same time. Instead, Apple went ahead and fixed the OS X flaw first, waiting for this week's iOS 7.1.1 update to repair the problem on its mobile OS.
The same issue happened in reverse earlier this year, with the SSL flaw that affected both OS X and iOS. In that case, iOS was fixed first as iOS 7.0.6 resolved the problem on a Friday, and OS X 10.9.2 took care of the same problem the following Tuesday.
Paget's blog contains a no holds barred attack on her former employer, questioning why Apple apparently doesn't see anything wrong with how it has handled these bug fixes. Is her attack on Apple warranted, or is she making mountains over molehills? You can check out some of her comments below.
"Is this how you do business? Drop a patch for one product that quite literally lists out, in order, the security vulnerabilities in your platform, and then fail to patch those weaknesses on your other range of products for *weeks* afterwards? You really don’t see anything wrong with this?
Someone tell me I’m not crazy here. Apple preaches the virtues of having the same kernel (and a bunch of other operating system goop) shared between two platforms – but then only patches those platforms one at a time, leaving the entire userbase of the other platform exposed to known security vulnerabilities for weeks at a time?
In what world is this acceptable?"-Kristin Paget, former Apple employee
source: KristinPaget'sBlog via RedmondPie
No comments:
Post a Comment
(( مَا يَلْفِظُ مِنْ قَوْلٍ إِلَّا لَدَيْهِ رَقِيبٌ عَتِيدٌ))