Apple Plugs Software Update Hole

hype7 writes "Apple's getting quick! Less than 5 days after the recently reported software update vulnerability was discovered, Apple have a patch plugging the hole. Apparently, packages now presented via the Software Update mechanism are cryptographically signed, and the new Software Update client 1.4.6 checks for a valid signature before installing any new packages."

Wow...5 days

[lucifuge31337]

Micrisift is nipping at their heels on turnround time. What a great position to be in.

(Insert obligtatory Linux plug here)

Re:Doesnt MS already do that?

[Peyna]

Probably, and it also checks driver updates to see if they're signed or not, but you can still tell it to install (since not every driver is going to be signed, especially if it was just released).

Re:Funny

[Bobartig]

Well, then the story comes out that they knew about the security hole before the SW reached the shelves, but it was after GM, so they conveniently "obscured" reports of it until a few months later when the release hoopla has died down, and they can release the patch without too much embarrassment.

On the flip side of things, 5 days really isn't "that" fast, or newsworthy. But what can you do? M$ is the badguy and any publicity is bad, and Apple's the underdog, and any publicity is good.