Apple security update policies may spell problems for businesses

Apple issued a fix to address a recent digital certificate hack that left users vulnerable to fraudulent certificates -- but only for newer systems. Where does this leave Tiger and Leopard users?

In the wake of the recent DigiNotar hack, which left users vulnerable to fraudulently issued digital certificates, most vendors moved to patch and/or revoke trust in certificates chaining to the DigiNotar roots -- Adobe, Mozilla, Google and Microsoft among them. Apple was slower with its security update, which caused some grumbling, and when it did issue a fix last Friday it was only for newer systems. Older versions of Mac OS X -- Leopard and Tiger -- will not receive a security update, leaving Safari users on those systems exposed to the fraudulent certificates.

ZDNet UK's Ben Woods makes the good point that this decision leaves users of older systems to fend for themselves -- something that many businesses running perfectly good but older Macs are not likely to be happy about. He quotes security researcher Joshua Long on the problem:

"Those who purchased a pre-Intel Xserve in October 2006 have only owned them for 4 years and 11 months, and those who purchased a Power Macintosh G5 in July 2006 have only owned them for a little over 5 years," Long said. "Most of these machines are still running perfectly fine, but Apple has completely cut them off from being able to receive critical security updates ever again."

Long also noted that updates for Safari and QuickTime alone would not be sufficient for Leopard users without the OS update, since the root certificate store those applications consult belongs to the operating system. The recommended mitigation is to manually remove the DigiNotar Root CA certificate from the Apple Keychain, although in this Ars Technica post security researcher Ryan Sleevi noted that simply removing it isn't enough to completely protect a user -- the system trust settings must also be changed from the command line.
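As an added example of the command-line step the article only alludes to (this is not code from the article, from Long, or from Sleevi's post), the POSIX shell script below audits a Mac's built-in root store for the DigiNotar root, confirms the exported certificate really is DigiNotar's, and then records an explicit admin-level "deny" trust setting rather than merely deleting the entry. The keychain paths, the use of the `security` subcommands `find-certificate`, `verify-cert` and `add-trusted-cert`, and the choice of a "deny" setting as the right trust-store change are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the article or its sources. Audits a Mac's
# built-in root store for the DigiNotar root and explicitly distrusts it.
# Assumptions (the example's, not the article's): the keychain paths below,
# and that an admin "deny" trust setting is the required command-line change.

SYSTEM_ROOTS=/System/Library/Keychains/SystemRootCertificates.keychain
SYSTEM_KEYCHAIN=/Library/Keychains/System.keychain
ROOT_NAME="DigiNotar Root CA"

# Print the subject of a PEM certificate. Portable: needs only openssl.
cert_subject() {
    openssl x509 -noout -subject -in "$1"
}

# Exit 0 if the certificate's subject names DigiNotar, 1 otherwise.
# Guards against distrusting the wrong certificate after a name lookup.
is_diginotar_cert() {
    cert_subject "$1" | grep -qi 'diginotar'
}

# macOS only: export the certificate named "$1" from keychain "$2" as PEM to "$3".
export_root_pem() {
    security find-certificate -c "$1" -p "$2" > "$3"
}

# macOS only: exit 0 if the system still evaluates the certificate as trusted.
# This is the check to run after any manual change in Keychain Access.
root_still_trusted() {
    security verify-cert -c "$1" >/dev/null 2>&1
}

# macOS only: add an admin-level "deny" trust setting for the certificate.
# Deleting the entry in Keychain Access alone leaves the built-in copy
# trusted; an explicit deny setting overrides it.
distrust_root() {
    sudo security add-trusted-cert -d -r deny -k "$SYSTEM_KEYCHAIN" "$1"
}

# Full procedure: export, sanity-check, distrust if needed, then re-verify.
audit_diginotar() {
    tmp=$(mktemp) || return 1
    if ! export_root_pem "$ROOT_NAME" "$SYSTEM_ROOTS" "$tmp"; then
        echo "no certificate named '$ROOT_NAME' in $SYSTEM_ROOTS"
        rm -f "$tmp"; return 0
    fi
    if ! is_diginotar_cert "$tmp"; then
        echo "exported certificate is not DigiNotar's; aborting"
        rm -f "$tmp"; return 1
    fi
    if root_still_trusted "$tmp"; then
        echo "DigiNotar root is still trusted; applying deny trust setting"
        distrust_root "$tmp"
    fi
    if root_still_trusted "$tmp"; then
        echo "STILL TRUSTED after the change; inspect trust settings in Keychain Access"
        rm -f "$tmp"; return 1
    fi
    echo "DigiNotar root is now distrusted"
    rm -f "$tmp"
}

# Only act when explicitly asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--apply" ]; then
    audit_diginotar
fi
```

Run it on the affected Mac as `sh distrust-diginotar.sh --apply`; the final `root_still_trusted` call is the part worth keeping even if the trust change is made by hand, because it reports what the system's own evaluator concludes rather than what the Keychain Access window shows.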

What do you think of Apple's decision to patch only the newest systems? Do you think it's a trend that is likely to continue, and how will this affect business decisions to deploy Macs?


Selena has been at TechRepublic since 2002. She is currently a Senior Editor with a background in technical writing, editing, and research. She edits Data Center, Linux and Open Source, Apple in the Enterprise, The Enterprise Cloud, Web Designer, and...


Unfortunately this has been a problem with Apple OS for a while now, only supporting the current two OSes (released every 1.5 years!). They have your money; time to move on to the next victim (er, customer)... It's almost like it is assumed that if you can afford to purchase a Mac in the first place, you don't mind spending that money to replace a perfectly usable computer every 3 years. Do I want Apple to give me new features in that old OS? Of course not. But security fixes? Absolutely! Because those "outdated" computers ARE going to get used, so not only are they hurting their user base, which would like to continue using Apple computers but is being forced into this situation, but these insecure computers also hurt everyone, because they make it easier for the bad people to attack others with their bot armies, made easier with no updates like these.


PC users have been spoiled by Microsoft providing security patches for its 11-year-old OS (XP), but honestly, if your OS is more than a couple of upgrades behind, I wouldn't hold the OS developer responsible for further updates. Upgrade if you want the latest in security; otherwise you're on your own. As for the enterprise response, most plan to replace PCs every 3-5 years anyway, so this has little to no impact on them.
