|
[OS X] Apple will not fix serious security issue in Lion/Mountain Lion/MavericksPerhaps they will change their minds if enough people pressure them: » appleinsider.com/article ··· avericksFor now, their recommendation is to immediately update to OS X 10.10.3. |
|
|
HiVolt Premium Member join:2000-12-28 Toronto, ON |
HiVolt
Premium Member
2015-Apr-10 10:45 pm
That's pathetic. Truly pathetic. |
|
lordpufferLegalize It Joe! Premium Member join:2004-09-19 Old Town, ME |
to daveinpoway
I had decided just today to stick with Mavericks until the next OS comes out. I may have to re-think this. |
|
|
to HiVolt
Two observations:
1) If it will be difficult/expensive for Apple to fix this in earlier operating systems, there must be a significant amount of code which needs to be be re-written and tested.
2) The guy who discovered this flaw should have told Apple and then kept it to himself. By publishing a detailed report, he alerted every hacker that the flaw exists and how to exploit it. There should be laws against this kind of disclosure. |
|
rugbyI think I know it all. join:2000-09-26 Plainfield, IN |
to daveinpoway
Apple's business practice for 99.99999% of any security issue has been to patch the production OS and the one previous to it. It's been this way forever. |
|
Riamen Premium Member join:2002-11-04 Calgary
1 recommendation |
Riamen
Premium Member
2015-Apr-11 10:45 am
Their more recent practice since going to annual releases is to patch the current version and the two previous versions. Mavericks and Mountain Lion should be patched too. |
|
|
Perhaps they will eventually change their minds and patch OS 10.8 and 10.9, but it is unknown if this will ever happen, so the safe course of action is to follow their advice and upgrade to Yosemite.
I switched over yesterday; I do not like the blue Finder folder icons and the changes in Safari are also upsetting, but I do not wish to put my Mac at risk, so there appears to be little choice. |
|
hardly Premium Member join:2004-02-10 USA |
to daveinpoway
Re: [OS X] Apple has not fixed RootPipe |
|
TitusMr Gradenko join:2004-06-26 |
to daveinpoway
Re: [OS X] Apple will not fix serious security issue in Lion/Mountain Lion/MavericksOne of those issues / threads that stuffs a virtual sock in apologists' mouthes. |
|
michieru Premium Member join:2009-07-25 Denver, CO
1 recommendation |
to daveinpoway
Yeah I am not surprised. Microsoft has been trying to push people to the latest and greatest as well. It pisses off many people but it costs money to maintain legacy systems. Even with a free OS you still have stragglers. You still have users on XP and like it that way because that's what they know.
I can understand having some custom software on the server side of things that might need some rework but if it's just due to software compatibility the vendor is really the one who screwed you by not releasing a patch.
It's not unreasonable for any company to simply tell you to upgrade to the latest version of a piece of software. No need to patch when the OS is free. |
|
TitusMr Gradenko join:2004-06-26 |
Titus
Member
2015-Apr-22 6:33 am
said by michieru: It pisses off many people but it costs money to maintain legacy systems. Even with a free OS you still have stragglers. You still have users on XP and like it that way because that's what they know. I get that, but ML was released in July of 2012 and Mavericks in October of 2013. I don't think Win XP should be in the same thought. |
|
ptrowskiGot Helix? Premium Member join:2005-03-14 Woodstock, CT |
to daveinpoway
said by daveinpoway:2) The guy who discovered this flaw should have told Apple and then kept it to himself. By publishing a detailed report, he alerted every hacker that the flaw exists and how to exploit it. There should be laws against this kind of disclosure. Looks like they were alerted in October. |
|
|
to daveinpoway
I imagine they are working on a new OS, that's why they don't want to deal with patching up the current ones. As said before it isn't cost-productive to try to support older systems when you can pol your resources into the new system and sell it off like hotcakes. Actually, it's something that you may be able to suggest and gather feedback among your user base. Here is what I'm talking about: » support.helprace.com/i16 ··· r-praise |
|
MospawMy socks don't match.
join:2001-01-08 New Braunfels, TX |
to daveinpoway
said by daveinpoway: The guy who discovered this flaw should have told Apple and then kept it to himself. By publishing a detailed report, he alerted every hacker that the flaw exists and how to exploit it. There should be laws against this kind of disclosure. According both the Apple Insider and Forbes articles, this was first disclosed to Apple in October. It sounds like the person who discovered this did the right thing. |
|
michieru Premium Member join:2009-07-25 Denver, CO |
to Titus
If each are major code revisions between each version then it should be looked upon that way and not based off the time of their release.
What Apple needs to do is come out with a software lifecycle page. If the intention is to have everyone upgrade to Yosemite then we can conclude that ML and Mavericks are considered obsolete software and insecure. If that's not the case then they must provide at minimum security patches for those systems regardless of the complexity.
If not then they can continue to face the bad PR and let them soak in it until something gives. |
|
TitusMr Gradenko join:2004-06-26
1 recommendation |
Titus
Member
2015-Apr-22 9:40 am
A lifecycle page is a good idea, but I cannot buy any argument as coherent that says an OS version barely 18 months old is obsolete because its maker has decided the resources to patch it are too high while said maker has a worth of $700 billion dollars. It's completely ludicrous on every conceivable level. |
|
bjf123We Want... A Shrubbery Premium Member join:2000-02-11 Hamilton, OH |
bjf123
Premium Member
2015-Apr-22 9:54 am
said by Titus:A lifecycle page is a good idea, but I cannot buy any argument as coherent that says an OS version barely 18 months old is obsolete because its maker has decided the resources to patch it are too high while said maker has a worth of $700 billion dollars. It's completely ludicrous on every conceivable level. This. I've got an old iMac that I can't afford to replace that also doesn't have enough space for Yosemite. It runs Mavericks quite well. I shouldn't have to upgrade this because they're not going to fix a serious security issue. If I was still running Snow Leopard, I'd agree that I should upgrade, but one version before the current should still be supported for security issues. |
|
|
WillRegSoon
Anon
2015-Apr-22 3:50 pm
said by bjf123: If I was still running Snow Leopard, I'd agree that I should upgrade Why? I still run it. It's stable with no issues. |
|
bjf123We Want... A Shrubbery Premium Member join:2000-02-11 Hamilton, OH |
bjf123
Premium Member
2015-Apr-22 5:05 pm
said by WillRegSoon :Why? I still run it. It's stable with no issues. Just saying that I can understand no longer supporting an OS that many years old. We still have it running on a few Mac minis in the office. All the other systems are running Mavericks. Got one mission critical app that doesn't play nice with Yosemite. Once that's updated, we'll upgrade everyone. |
|
|
to Mospaw
Yes, the guy did the right thing by disclosing it to Apple in October. He should not have released the details this year, however. Once he told Apple, he never should have revealed this to anybody else. |
|
MospawMy socks don't match.
join:2001-01-08 New Braunfels, TX |
I disagree with that. Reporting in and releasing on the same day is irresponsible. But six months is more than reasonable, especially if a fix is in place. And if that fix is not in place, and the company is dragging their feet, it's a good way to light that fire.
Apple's quality of software has absolutely stunk lately. Every release seems to be more carelessly put together than the previous stuff. This kind of security hole is inexcusable. |
|
|
Unfortunately, "lighting that fire" can put all of the users in danger, which is why I totally do not approve of applying pressure to a company in this manner.
Since the security flaw dates back to Lion, it is not possible to blame this on Apple being sloppy lately. Not knowing the details of the software, I cannot say if they should have discovered the problem when they developed Mountain Lion, Mavericks and Yosemite. |
|
michieru Premium Member join:2009-07-25 Denver, CO |
michieru
Premium Member
2015-Apr-22 10:40 pm
They are already at risk. Eventually the information will fall in the wrong hands and exploits will occur without public knowledge. It's an ultimatum for Apple since now the public is aware and they must react. At minimum a patch will be issued and the exploit will no longer function in the wild.
Security flaws should be taken very seriously if the world is going to revolve around technology and currently the lack of information and delay from Apple is unacceptable to all parties. Although I understand the reasoning for just telling people to upgrade towards Yosemite the other problem is that they never informed the public the lifecycle and support for the OS they currently have installed. |
|
|
While I seriously object to what the security researcher did, I agree that Apple is certainly not blameless. |
|
TitusMr Gradenko join:2004-06-26 |
to daveinpoway
I'll cop to not being happy with a few directions the company has taken, not the least of which is stuff like iTunes search results appearing top-most in Safari's dropdown when searching. Can you imagine the outrage if MS had top level search results pointing to something they owned? |
|
ptrowskiGot Helix? Premium Member join:2005-03-14 Woodstock, CT |
to daveinpoway
said by daveinpoway:Yes, the guy did the right thing by disclosing it to Apple in October. He should not have released the details this year, however. Once he told Apple, he never should have revealed this to anybody else. Come on now, 6 months is more than enough time. |
|
ptrowski |
to michieru
|
|
michieru Premium Member join:2009-07-25 Denver, CO
1 recommendation |
michieru
Premium Member
2015-Apr-23 7:51 pm
Yeah, it's an embarrassing one. Two things will happen.
1. Apple will slow it's roll and stabilize and patch the current code base which is Yosemite and advance it in other areas.
OR
2. Continue to keep the pace and provide sloppy code and half baked patches with quality and overall user experience dropping until issues are addressed. With a scar left behind from previous experience. |
|
ZyXEL VMG4381
4 edits |
to bjf123
Apple will not fix serious security issue in Lion/Mountain Lion/Maverickssaid by bjf123:said by Titus:A lifecycle page is a good idea, but I cannot buy any argument as coherent that says an OS version barely 18 months old is obsolete because its maker has decided the resources to patch it are too high while said maker has a worth of $700 billion dollars. It's completely ludicrous on every conceivable level. This. I've got an old iMac that I can't afford to replace that also doesn't have enough space for Yosemite. It runs Mavericks quite well. I shouldn't have to upgrade this because they're not going to fix a serious security issue. If I was still running Snow Leopard, I'd agree that I should upgrade, but one version before the current should still be supported for security issues. You could alway upgrade the hard drive in your i mac that would probably would be the cheapest option and their are retailers who sell the hard drives and parts exclusively for macs and have instructions and the tools you need to replace a hard drive in the mac computer you have. The one I use if I need parts or to upgrade components is www.macsales.com said by WillRegSoon :said by bjf123: If I was still running Snow Leopard, I'd agree that I should upgrade Why? I still run it. It's stable with no issues. If they are no longer patching the Operating system you are putting your self at risk. You could alway buy a security product for Snow Leopard if you still wanted to use it and keep your unpatched system secure. But It is unreasonable to expect any software company to support any operating system indefinitely and since apple has released Lion, Mountain Lion, Mavericks, Yosemite. It is unrealistic to expect apple still to make security patches and updates. Windows 98, Windows 2000, and Windows XP you could make the same argument as well it was a good reliable OS but their is a Time when you need to make a new operating system to keep up with new hardware standards, software standards, and also drop old standards that are not used anymore as well The bigger problem is that their are mac user's that are stuck either at Mac OS X Snow Leopard or Mac OS X Lion due to hardware limitations and can not upgrade to Yosemite I think they should consider upgrading their mac's either new or used that are capable of running Yosemite but at minimum they need to run an internet security software to keep their mac secure since apple is no longer patching Snow Leopard and I assume Lion will be joining that category pretty soon. |
|