daveinpoway
Premium Member
join:2006-07-03
Poway, CA

daveinpoway

Premium Member

[OS X] Apple will not fix serious security issue in Lion/Mountain Lion/Mavericks

Perhaps they will change their minds if enough people pressure them: »appleinsider.com/article ··· avericks

For now, their recommendation is to immediately update to OS X 10.10.3.

HiVolt
Premium Member
join:2000-12-28
Toronto, ON

HiVolt

Premium Member

That's pathetic. Truly pathetic.

lordpuffer
Legalize It Joe!
Premium Member
join:2004-09-19
Old Town, ME

lordpuffer to daveinpoway

Premium Member

to daveinpoway
I had decided just today to stick with Mavericks until the next OS comes out. I may have to re-think this.
daveinpoway
Premium Member
join:2006-07-03
Poway, CA

daveinpoway to HiVolt

Premium Member

to HiVolt
Two observations:

1) If it will be difficult/expensive for Apple to fix this in earlier operating systems, there must be a significant amount of code which needs to be re-written and tested.

2) The guy who discovered this flaw should have told Apple and then kept it to himself. By publishing a detailed report, he alerted every hacker that the flaw exists and how to exploit it. There should be laws against this kind of disclosure.
rugby
I think I know it all.
join:2000-09-26
Plainfield, IN

rugby to daveinpoway

Member

to daveinpoway
Apple's business practice for 99.99999% of any security issue has been to patch the production OS and the one previous to it. It's been this way forever.
Riamen
Premium Member
join:2002-11-04
Calgary

1 recommendation

Riamen

Premium Member

Their more recent practice since going to annual releases is to patch the current version and the two previous versions. Mavericks and Mountain Lion should be patched too.
daveinpoway
Premium Member
join:2006-07-03
Poway, CA

daveinpoway

Premium Member

Perhaps they will eventually change their minds and patch OS 10.8 and 10.9, but it is unknown if this will ever happen, so the safe course of action is to follow their advice and upgrade to Yosemite.

I switched over yesterday; I do not like the blue Finder folder icons and the changes in Safari are also upsetting, but I do not wish to put my Mac at risk, so there appears to be little choice.
hardly
Premium Member
join:2004-02-10
USA

hardly to daveinpoway

Premium Member

to daveinpoway

Re: [OS X] Apple has not fixed RootPipe

»www.forbes.com/sites/tho ··· ootpipe/

Titus
Mr Gradenko
join:2004-06-26

Titus to daveinpoway

Member

to daveinpoway

Re: [OS X] Apple will not fix serious security issue in Lion/Mountain Lion/Mavericks

One of those issues / threads that stuffs a virtual sock in apologists' mouths.

michieru
Premium Member
join:2009-07-25
Denver, CO

1 recommendation

michieru to daveinpoway

Premium Member

to daveinpoway
Yeah I am not surprised. Microsoft has been trying to push people to the latest and greatest as well. It pisses off many people but it costs money to maintain legacy systems. Even with a free OS you still have stragglers. You still have users on XP and like it that way because that's what they know.

I can understand having some custom software on the server side of things that might need some rework but if it's just due to software compatibility the vendor is really the one who screwed you by not releasing a patch.

It's not unreasonable for any company to simply tell you to upgrade to the latest version of a piece of software. No need to patch when the OS is free.

Titus
Mr Gradenko
join:2004-06-26

Titus

Member

said by michieru:

It pisses off many people but it costs money to maintain legacy systems. Even with a free OS you still have stragglers. You still have users on XP and like it that way because that's what they know.

I get that, but ML was released in July of 2012 and Mavericks in October of 2013. I don't think Win XP should be in the same thought.

ptrowski
Got Helix?
Premium Member
join:2005-03-14
Woodstock, CT

ptrowski to daveinpoway

Premium Member

to daveinpoway
said by daveinpoway:

2) The guy who discovered this flaw should have told Apple and then kept it to himself. By publishing a detailed report, he alerted every hacker that the flaw exists and how to exploit it. There should be laws against this kind of disclosure.

Looks like they were alerted in October.
JCott
join:2015-04-22

JCott to daveinpoway

Member

to daveinpoway
I imagine they are working on a new OS, that's why they don't want to deal with patching up the current ones. As said before it isn't cost-productive to try to support older systems when you can pool your resources into the new system and sell it off like hotcakes.

Actually, it's something that you may be able to suggest and gather feedback among your user base. Here is what I'm talking about: »support.helprace.com/i16 ··· r-praise

Mospaw
My socks don't match.

join:2001-01-08
New Braunfels, TX

Mospaw to daveinpoway

to daveinpoway
said by daveinpoway:

The guy who discovered this flaw should have told Apple and then kept it to himself. By publishing a detailed report, he alerted every hacker that the flaw exists and how to exploit it. There should be laws against this kind of disclosure.

According to both the Apple Insider and Forbes articles, this was first disclosed to Apple in October. It sounds like the person who discovered this did the right thing.

michieru
Premium Member
join:2009-07-25
Denver, CO

michieru to Titus

Premium Member

to Titus
If each are major code revisions between each version then it should be looked upon that way and not based off the time of their release.

What Apple needs to do is come out with a software lifecycle page. If the intention is to have everyone upgrade to Yosemite then we can conclude that ML and Mavericks are considered obsolete software and insecure. If that's not the case then they must provide at minimum security patches for those systems regardless of the complexity.

If not then they can continue to face the bad PR and let them soak in it until something gives.

Titus
Mr Gradenko
join:2004-06-26

1 recommendation

Titus

Member

A lifecycle page is a good idea, but I cannot buy any argument as coherent that says an OS version barely 18 months old is obsolete because its maker has decided the resources to patch it are too high while said maker has a worth of $700 billion dollars. It's completely ludicrous on every conceivable level.

bjf123
We Want... A Shrubbery
Premium Member
join:2000-02-11
Hamilton, OH

bjf123

Premium Member

said by Titus:

A lifecycle page is a good idea, but I cannot buy any argument as coherent that says an OS version barely 18 months old is obsolete because its maker has decided the resources to patch it are too high while said maker has a worth of $700 billion dollars. It's completely ludicrous on every conceivable level.

This. I've got an old iMac that I can't afford to replace that also doesn't have enough space for Yosemite. It runs Mavericks quite well. I shouldn't have to upgrade this because they're not going to fix a serious security issue. If I was still running Snow Leopard, I'd agree that I should upgrade, but one version before the current should still be supported for security issues.

WillRegSoon
@optonline.net

WillRegSoon

Anon

said by bjf123:

If I was still running Snow Leopard, I'd agree that I should upgrade

Why? I still run it. It's stable with no issues.

bjf123
We Want... A Shrubbery
Premium Member
join:2000-02-11
Hamilton, OH

bjf123

Premium Member

said by WillRegSoon :

Why? I still run it. It's stable with no issues.

Just saying that I can understand no longer supporting an OS that many years old. We still have it running on a few Mac minis in the office. All the other systems are running Mavericks. Got one mission critical app that doesn't play nice with Yosemite. Once that's updated, we'll upgrade everyone.
daveinpoway
Premium Member
join:2006-07-03
Poway, CA

daveinpoway to Mospaw

Premium Member

to Mospaw
Yes, the guy did the right thing by disclosing it to Apple in October. He should not have released the details this year, however. Once he told Apple, he never should have revealed this to anybody else.

Mospaw
My socks don't match.

join:2001-01-08
New Braunfels, TX

Mospaw

I disagree with that. Reporting in and releasing on the same day is irresponsible. But six months is more than reasonable, especially if a fix is in place. And if that fix is not in place, and the company is dragging their feet, it's a good way to light that fire.

Apple's quality of software has absolutely stunk lately. Every release seems to be more carelessly put together than the previous stuff. This kind of security hole is inexcusable.
daveinpoway
Premium Member
join:2006-07-03
Poway, CA

daveinpoway

Premium Member

Unfortunately, "lighting that fire" can put all of the users in danger, which is why I totally do not approve of applying pressure to a company in this manner.

Since the security flaw dates back to Lion, it is not possible to blame this on Apple being sloppy lately. Not knowing the details of the software, I cannot say if they should have discovered the problem when they developed Mountain Lion, Mavericks and Yosemite.

michieru
Premium Member
join:2009-07-25
Denver, CO

michieru

Premium Member

They are already at risk. Eventually the information will fall in the wrong hands and exploits will occur without public knowledge. It's an ultimatum for Apple since now the public is aware and they must react. At minimum a patch will be issued and the exploit will no longer function in the wild.

Security flaws should be taken very seriously if the world is going to revolve around technology and currently the lack of information and delay from Apple is unacceptable to all parties. Although I understand the reasoning for just telling people to upgrade towards Yosemite the other problem is that they never informed the public the lifecycle and support for the OS they currently have installed.
daveinpoway
Premium Member
join:2006-07-03
Poway, CA

daveinpoway

Premium Member

While I seriously object to what the security researcher did, I agree that Apple is certainly not blameless.

Titus
Mr Gradenko
join:2004-06-26

Titus to daveinpoway

Member

to daveinpoway
I'll cop to not being happy with a few directions the company has taken, not the least of which is stuff like iTunes search results appearing top-most in Safari's dropdown when searching. Can you imagine the outrage if MS had top level search results pointing to something they owned?

ptrowski
Got Helix?
Premium Member
join:2005-03-14
Woodstock, CT

ptrowski to daveinpoway

Premium Member

to daveinpoway
said by daveinpoway:

Yes, the guy did the right thing by disclosing it to Apple in October. He should not have released the details this year, however. Once he told Apple, he never should have revealed this to anybody else.

Come on now, 6 months is more than enough time.
ptrowski

ptrowski to michieru

Premium Member

to michieru
You mean like this new one for the iPhone?

»iOS Flaw Lets Attacker Reboot All iOS Devices in Wi-Fi Range [28] comments

michieru
Premium Member
join:2009-07-25
Denver, CO

1 recommendation

michieru

Premium Member

Yeah, it's an embarrassing one. Two things will happen.

1. Apple will slow its roll and stabilize and patch the current code base which is Yosemite and advance it in other areas.

OR

2. Continue to keep the pace and provide sloppy code and half baked patches with quality and overall user experience dropping until issues are addressed. With a scar left behind from previous experience.
techguru306
join:2015-02-11
Cincinnati, OH
ZyXEL VMG4381

4 edits

techguru306 to bjf123

Member

to bjf123

Apple will not fix serious security issue in Lion/Mountain Lion/Mavericks

said by bjf123:

said by Titus:

A lifecycle page is a good idea, but I cannot buy any argument as coherent that says an OS version barely 18 months old is obsolete because its maker has decided the resources to patch it are too high while said maker has a worth of $700 billion dollars. It's completely ludicrous on every conceivable level.

This. I've got an old iMac that I can't afford to replace that also doesn't have enough space for Yosemite. It runs Mavericks quite well. I shouldn't have to upgrade this because they're not going to fix a serious security issue. If I was still running Snow Leopard, I'd agree that I should upgrade, but one version before the current should still be supported for security issues.

You could always upgrade the hard drive in your iMac; that would probably be the cheapest option, and there are retailers who sell the hard drives and parts exclusively for Macs and have instructions and the tools you need to replace a hard drive in the Mac computer you have. The one I use if I need parts or to upgrade components is www.macsales.com
said by WillRegSoon :

said by bjf123:

If I was still running Snow Leopard, I'd agree that I should upgrade

Why? I still run it. It's stable with no issues.

If they are no longer patching the operating system, you are putting yourself at risk. You could always buy a security product for Snow Leopard if you still wanted to use it and keep your unpatched system secure. But it is unreasonable to expect any software company to support any operating system indefinitely, and since Apple has released Lion, Mountain Lion, Mavericks, and Yosemite, it is unrealistic to expect Apple still to make security patches and updates. With Windows 98, Windows 2000, and Windows XP you could make the same argument as well: it was a good reliable OS, but there is a time when you need to make a new operating system to keep up with new hardware standards, software standards, and also drop old standards that are not used anymore as well.
said by daveinpoway:

Perhaps they will change their minds if enough people pressure them: »appleinsider.com/article ··· avericks

For now, their recommendation is to immediately update to OS X 10.10.3.

The bigger problem is that there are Mac users that are stuck either at Mac OS X Snow Leopard or Mac OS X Lion due to hardware limitations and cannot upgrade to Yosemite. I think they should consider upgrading their Macs, either new or used, that are capable of running Yosemite, but at minimum they need to run an internet security software to keep their Mac secure, since Apple is no longer patching Snow Leopard and I assume Lion will be joining that category pretty soon.