The latest OS X upgrade isn’t a huge improvement, but it’s faster and loaded with small enhancements that’ll make your Mac purr, says BusinessWeek. In the meantime, Internet security company @Stake has warned of newly discovered vulnerabilities affecting Apple Computer’s Mac OS X operating system. UPDATE: Apple Computer’s latest version of its Mac OS X operating system, Panther (fourth release in 2.5 years), patches security flaws that affect previous versions of the operating system, leaving security experts wondering if users will have to pay the $129 upgrade fee to be secure.
Apple has not yet released patches for the security issues. @Stake has advised Mac users to upgrade to the latest Apple operating system, which is not vulnerable to the flaws. The operating system, OS X 10.3, or “Panther,” is priced at $129.
I thought most security firms who announce security vulnerabilities normally *demand* that the company making the OS (e.g. Microsoft) release patches.
This is the first time I’ve seen a plug to *buy* an upgrade to an OS to fix a security vulnerability.
The advisory was just issued yesterday. Give Apple a chance to patch Jaguar. Most of these “vulnerabilities” are very minor; they either:
–require local permissions (can only be exploited if the user is on the machine and is logged in) and is actually a result of installed apps and is not primarily Apple’s responsibility
–require that /core be activated which should be extremely rare indeed
–or require an authorized OpenSSH connection to be exploited; if a user has OpenSSH activated and is authorizing users to use it, there are worst things that the vulnerability that they cite that could be done.
Sounds like @Stake is earning their MS money with some FUD.
“Sounds like @Stake is earning their MS money with some FUD.”
They recommended that users *buy* the newest version of Mac OS X. MS money? Really?
Anyway, vulnerabilities, no matter how minor, are still vulnerabilities and the public has a right to know. Sounds like @Stake is just doing their job.
re: @pacbell.net – excatly. Might as well worry about your body turning inside out.
If one reads the advisories from @stake you’ll also see that they suggest a one or two other ways to “fix” these “problems”, rather than buying Panther. But I guess that isn’t as interesting.
What is currently hurting Windows most right now and helping OS X? SECURITY
What is the most common softy complaint about Panther? The upgrade price even though it is a significant upgrade.
To recommend purchasing a new OS when the advisory isn’t a day old, when the exploits are rather minor, and when there are available methods of protecting against the exploits suggests to me that they aren’t trying to help Apple with sales but rather they are trying to tarnish Apple’s image (claiming they don’t release security updates for older OSes — THEY DO).
had to make jab
http://news.com.com/2100-7355_3-5098688.html?tag=nefd_top
Read the follow up. Definitely indicating that @stake is not trying to be nice to Apple. They ARE saying that MS patch and pray procedure is better.
FUD!
🙂
I don’t mind that security firms are montioring and providing warnings about Mac. I think it’s a good thing. It’s just under this scenario and considering the circumstances, it does seem a bit fishy…
If what they’re saying is true, it looks like Apple doesn’t want to patch Jaguar. I like my Mac, but this….. this really sucks.
Pretty key phrase.
The advisories were only posted yesterday and @Stake is one of the less credible security firms.
Apple will get nowhere with the Business market unless they support at least the previous version with fixes.
No business OS vendor can refuse to do this or they will be dropped.
Put another way, businesses decide when their OS is to be upgraded to the next version NOT the vendors.
If Apple want’s business customers they will need to learn this…
I hope that Apple will not abandon those that choose not to upgrade at this time. It would be a bad business calculation by a Company that has always stayed far ahead of the Window users. My gut feeling is that these security issues will be dealt with. After all, Apple has a lot on the line.
They do know their stuff…
So far it is only conjecture on @stakes part. They say they think that apple will not support it.
There has been no statement from apple, and it is still less than 48 hours since they released the security holes.
Lets wait and see before and rush judgements are made. I wish @stake could be a little more specific about their sources, as so far as speculating that Apple will not support Jaguar with security updates.
Since that issue regarding a well known and respected IT security professional working at @Stake getting fired for releasing a paper explaining the inherent dangers of the Internet´s monoculture, which obviously deserved a little phone call from Redmond, this company lost any credibility that it could have from me.