
Former Apple employee takes Apple to task for delay in sending out security patch for iOS

Posted: , by Alan F.

Kristin Paget, who once worked on the Apple iPhone security team in Cupertino, questioned Apple on her blog for a decision it made relating to recently discovered security issues on OS X and iOS. Usually, two separate products from the same company, with the same security issue, are fixed at the same time. Instead, Apple went ahead and fixed the OS X flaw first, waiting for this week's iOS 7.1.1 update to repair the problem on its mobile OS.

The same issue happened in reverse earlier this year, with the SSL flaw that affected both OS X and iOS. In that case, iOS was fixed first as iOS 7.0.6 resolved the problem on a Friday, and OS X 10.9.2 took care of the same problem the following Tuesday.

Paget's blog contains a no-holds-barred attack on her former employer, questioning why Apple apparently doesn't see anything wrong with how it has handled these bug fixes. Is her attack on Apple warranted, or is she making mountains out of molehills? You can check out some of her comments below.

"Is this how you do business? Drop a patch for one product that quite literally lists out, in order, the security vulnerabilities in your platform, and then fail to patch those weaknesses on your other range of products for *weeks* afterwards? You really don’t see anything wrong with this?

Someone tell me I’m not crazy here. Apple preaches the virtues of having the same kernel (and a bunch of other operating system goop) shared between two platforms – but then only patches those platforms one at a time, leaving the entire userbase of the other platform exposed to known security vulnerabilities for weeks at a time?

In what world is this acceptable?"-Kristin Paget, former Apple employee

source: Kristin Paget's Blog via RedmondPie

10 Comments




posted on 24 Apr 2014, 00:22 1

1. techperson211 (Posts: 440; Member since: 27 Feb 2014)


Now where are the comments here?

posted on 24 Apr 2014, 08:23

8. PhoneArenaUser (Posts: 5461; Member since: 05 Aug 2011)


"President Obama says that he can't own an Apple iPhone for security reasons"

http://www.phonearena.com/news/President-Obama-says-that-he-cant-own-an-Apple-iPhone-for-security-reasons_id50013

posted on 24 Apr 2014, 00:34 4

2. 0xFFFF (Posts: 2024; Member since: 16 Apr 2014)


Apple took a long time trying to think of some way to blame the customers -- "you are SSLing it wrong" -- but failed to come up with something that they believed they would get away with.

Kristin -- isn't this a normal aspect of owning Apple products? I am surprised that you are surprised, having worked there and all.

posted on 24 Apr 2014, 01:05 2

3. BCMWorld (Posts: 22; Member since: 24 Mar 2014)


When you our of Apple and when you done using iOS, that's only when you will realize that the walled garden is bugs ridden nonstop

posted on 24 Apr 2014, 03:52 4

5. SuperMaoriBro (Posts: 255; Member since: 23 Jun 2012)


I've read and reread post #3 and I still have no idea what you are actually trying to say. Can the people who thumbed it up please translate? Cheers

posted on 24 Apr 2014, 07:04 1

7. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


Probably thumbed up because of wall garden, bugs ridden....

I will try to decipher it tho, I think it meant:

"when you get out of Apple and are done using iOS....thats when you realize the walled garden is bug ridden non stop."

posted on 24 Apr 2014, 14:04 2

10. networkdood (Posts: 6250; Member since: 31 Mar 2010)


not bad!!! Or, maybe he just means when you are with it long enough you will learn that there are plenty of issues that constantly afflict the OS...

posted on 24 Apr 2014, 01:51 2

4. networkdood (Posts: 6250; Member since: 31 Mar 2010)


This is kind of what Microsoft does - it knows of the security issues with its OS and purposely leaves it open - in Microsoft's case they did that for the NSA....

posted on 24 Apr 2014, 07:01 1

6. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


"Someone tell me I’m not crazy here. Apple preaches the virtues of having the same kernel (and a bunch of other operating system goop) shared between two platforms – but then only patches those platforms one at a time, leaving the entire userbase of the other platform exposed to known security vulnerabilities for weeks at a time?"

She does make a good point here....

Learn something new every day it seems... I didn't even know that about the kernel..

posted on 24 Apr 2014, 11:38 1

9. flipjzn (Posts: 126; Member since: 22 Jun 2012)


iOS for phones and OS X for computers, I don't see anything wrong if they don't release updates for both at the same time. Different people are in charge of different fixes and processes.
Oh well.
