My friend Brad pointed out in an email to me that Apple already patched the QuickTime vulnerability last week that was recently found at a security conference (spurred on by a $10k reward by 3Com). That same vulnerability was later found to be present on more than just Mac OS X, specifically Windows (but not Vista, interestingly enough).
This week Microsoft is expecting to patch the serious vulnerability in its DNS, but surprisingly there's no mention of the vulnerability Apple has already patched.
So, is Apple just inherently faster at patching security vulnerabilities? Did Apple rush out a fix faster than normal because of the media exposure about this particular vulnerability? Or maybe Microsoft is either just slower at the process or too busy with their own backlog of security patches - or both? Not many would argue against claims that Microsoft Windows has many more vulnerabilities found compared to Mac OS X.
I'm sure Mac advocates will find comfort in this situation but I'm one that says comfort when it comes to security leads to mistakes and complacency. Maybe it's my security paranoia, maybe it's that I just don't want to give in about the security pros of the Mac. It's probably some of both, I'd truthfully say. In either case I still believe that a good amount of skepticism is warranted when it comes to security on any platform.
The bottom line in this situation though is 'hats off' to Apple for responding quickly to the vulnerability and getting it fixed so fast. Too bad we don't have some reliable and independent stats on how quick vendors like Microsoft and Apple are to respond to security vulnerabilities.
Mitchell,
"... but surprisingly there's no mention of the vulnerability Apple has already patched."
You do realize that there's nothing for Microsoft to patch in regards to this QuickTime vuln. The reason Apple had to release a patch is because QuickTime is an Apple Product.
Also... You have to realize that Microsoft has a mature patch release process... something that Apple still doesn't have (and has been knocked for in the past)... So Microsoft will take more time to get patches out... Businesses trust Microsoft products and need them for day to day activities... For that reason Microsoft has to properly test all patches before release. To do any less would be irresponsible. Also... Apple has very specific hardware requirements and limited software... They don't have nearly as much testing to do as Microsoft would.
Posted by: Tyler Reguly | May 08, 2007 at 12:46 AM
I will argue that the Mac OS has plenty of undiscovered vulnerabilities yet to be found! The perception of it being 'more secure' than Microsoft is a fallacy now; it is simply the result of the vast majority of skilled attackers not wanting to pay attention to exploiting a product with such a low market share - no $$$ to be made, just fame.
I refuse to believe that Apple's programmers are inherently better than Microsoft's, or anyone else's. They too, will make mistakes. The platform may make it harder to make certain mistakes, but, mistakes will be made - that's just human nature.
Apple continually touts how 'secure' it is, especially in those sophomoric television ads, reflecting a deep hubris and also fear of the inevitable...
It's not just wi-fi drivers or QuickTime flaws.
I'll take Microsoft's mature patch process for business needs and Linux for other stuff. Macs are nice, don't get me wrong, but they are not invulnerable and anyone who thinks otherwise is simply a fool.
Posted by: Bill Wildprett | May 08, 2007 at 09:57 AM