
Apple security update policies may spell problems for businesses

Apple issued a fix to address a recent digital certificate hack that left users vulnerable to fraudulent certificates -- but only for newer systems. Where does this leave Tiger and Leopard users?

In the wake of the recent DigiNotar hack that left users vulnerable to fraudulent digital certificates, most companies moved to patch vulnerabilities and/or revoke trust in the DigiNotar-signed certificates -- Adobe, Mozilla, Google and Microsoft among them. Apple was a little slower with its security update to address the problem, which caused some grumbling, but when it did issue a fix last Friday, it was only for newer systems. Older versions of the Mac OS -- Leopard and Tiger -- will not receive a security update, leaving some Safari users open to the vulnerability.

ZDNet UK's Ben Woods makes the good point that this decision leaves users with older systems having to fend for themselves -- something that many businesses with perfectly good but older Macs are not likely to be happy about. He quotes security researcher Joshua Long on the problem:

"Those who purchased a pre-Intel Xserve in October 2006 have only owned them for 4 years and 11 months, and those who purchased a Power Macintosh G5 in July 2006 have only owned them for a little over 5 years," Long said. "Most of these machines are still running perfectly fine, but Apple has completely cut them off from being able to receive critical security updates ever again."

Long also noted that updates for Safari and QuickTime would not be sufficient for Leopard users without the OS update. The recommended mitigation is to manually remove the DigiNotar Root CA certificate from the Apple Keychain, although in an Ars Technica post, security researcher Ryan Sleevi noted that simply removing it isn't enough to completely protect a user -- modifications to the system trust store via the command line are also required.

What do you think of Apple's decision to patch only the newest systems? Do you think it's a trend that is likely to continue, and how will this affect business decisions to deploy Macs?

About

Selena has been at TechRepublic since 2002. She is currently a Senior Editor with a background in technical writing, editing, and research. She edits Data Center, Linux and Open Source, Apple in the Enterprise, The Enterprise Cloud, Web Designer, and...

4 comments
TheShawnThomas

Unfortunately this has been a problem with Apple OS for a while now, only supporting the current 2 OSes (released every 1.5 years!). They have your money, time to move on to the next victim (er, customer)... It's almost like it is assumed that if you can afford to purchase a Mac in the first place that you don't mind spending that money to replace a perfectly usable computer every 3 years. Do I want Apple to give me new features in that old OS? Of course not. But security fixes? Absolutely! Because those "outdated" computers ARE going to get used, so not only are they hurting their user base that would like to continue using Apple computers but is being forced into this situation, but these insecure computers also hurt everyone because they make it easier for the bad people to attack others with their bot armies made easier with no updates like these.

TNT

PC users have been spoiled by Microsoft providing security patches for its 11-year-old OS (XP) but honestly if your OS is more than a couple upgrades behind I wouldn't hold the OS developer responsible for further updates. Upgrade if you want the latest in security, otherwise you're on your own. As for Enterprise response, most plan to replace PCs every 3-5 years anyway, so this has little to no impact on them.

Lazarus439

In your dreams!!! Where do you work to have that sort of money??? Also, XP aside, Microsoft will support Vista/SP2 through April 2014 (http://windows.microsoft.com/en-us/windows/products/lifecycle). That's just over 7 years from when Vista was released. Yes, you have to upgrade to SP2, but that's a FREE upgrade. Let me see here: evil, ugly, greedy Microsoft is supporting its OS offerings for over 7 years from initial offering. Golden, glowing, pristine Apple cuts its customers off at 5 years. Tell me again why so many are so in love with Apple???

cnieves

Most large companies replace their computers every 3 to five years. This is customary. Even some small businesses do it as well. If you have a company with more than 50 employees and you buy the machines, for example, from Dell, you can replace the computers for about $300 a person, which is very cheap. Macs get the same treatment in most businesses. I have customers that have print shops and they have Macs for their design rooms. They get them replaced or upgraded every two years so they can keep up with the design applications they run. A business, even a small one, that runs on a computer that is older than five years old is a business that will not last long. He who has the latest survives this economy. Any weakness in this economy and your company goes down the tubes.
