Apple to Fix Security Holes in Jaguar

Simon Cozens writes "Yesterday's unsubstantiated report that Apple is refusing to supply security upgrades to Jaguar turns out to be untrue; Apple told MacCentral they will be fixing the bugs turned up by @stake. Next conspiracy, please!"

Damn straight

[admiralfrijole]

Of course Apple is going to fix them, they still support the 10.2 Server, so they have to...

Damn Windows zealota making shit up...

Of course they were...

[jason.hall]

Apple would have been 100% insane if they were to leave people out in the cold, who bought their operating system just a week ago!!

Re:Yesterday's bickering only mindless speculation

[Trigun]

I don't think that Apple deserves more or less credit than any other company. The same goes for the benefit of the doubt. The only thing that they deserve is us to wait for verification before villianizing the company.

Apple has not signed up as a Templar knight any more than Microsoft has sold its collective soul to the devil.

This might not be good news.

[EvilStein]

Apple rolled several security updates into that thing called 10.2.8, which has caused many people no end to troubles, especially those with older hardware.

Yes, I have a beige G3. Yes, I've put a much faster ZIF processor in it. It's a small OS X Server. 10.2.8 screwed up all *kinds* of things.

Can Apple please release the security updates individually so we can apply them as needed instead of bundling them into a dot-whatever release?
That's all I ask, Apple. I'll buy a shiny new G4 (or G5) when I can actually afford it. (No, they're not too expensive, I'm just flat broke. :P)

Re:This might not be good news.

[jeffasselin]

If you'd actually read the apple tech article that was released soon after the G5 were shipping (on august 25th), you'd have known that it didn't work:

http://docs.info.apple.com/article.html?artnum=8 64 44

Re:This might not be good news.

[WNight]

You'd think it would work that way, but from my experience in testing I find that multiple small releases are easier to work with. You can be much more precise about what they affect and the testing is easier. Then, once you've run a full regression test on each individually you have a fairly good chance of being able to combine them all without any problems. If you just glom a bunch of things together you can't predict the impact very accurately and you end up doing a bunch of "wasted" testing.

Also, you don't end up with the situation where SP2 hoses some program, because you can mark that specific patch, usually a tiny one, as causing problems and people can apply all the rest. The fact that only one small patch is a problem means that only one small patch needs to be fixed and retested, if you had to replace the whole service pack you'd have to retest it all.

Re:were they always going to?

[Llywelyn]

Actually I would tend to think that someone who has nothing to do with the decision process might have told someone at @stake something which vaguely resembled that there were no plans for it. @stake and company spun the information accordingly.

Whether Apple had any prior plans? Their track record says "yes," though there is no way we are ever going to find out one way or the other.

Now can you please put the tinfoil away? It's making a horrible sound.

the million $ question is...

[tota]

would they have done it as quickly without @stake first finding these bugs then putting bugtraq and media pressure on apple?

Almost certainly...

[Trillan]

I doubt they told @stake they weren't going to fix them. I doubt they told @stake they were going to fix them. In fact, I doubt they even told @stake that the flaws didn't affect Panther... @stake probably found that out and told Apple.

Apple doesn't talk details in unreleased products.

There's a couple reasons we're seeing this press release:

• @Stake acted unethically and went to the press early to get their name seen.
  Ethical reporting of security flaws involves going to the company and giving them time to get a patch out. Then, one or both companies announces the flaw... and includes details of the patch. @stake jumped the gun and did not use white hat practices.
• ZDNet engaged in wild speculation with typical bias.
  ZDNet decided that @stake's announcement meant Apple wasn't going to fix the problem, and decided to give it a spin. As they actually indicated in their story, they did not wait for a comment from Apple before rushing the thing to press.

Hopefully, @stake will do better next time. But I doubt their role in this will be examined very carefully.

I know ZDNet will do the same thing next time. They smell any blood around Apple, they're the first to paint a picture of mass destruction, mayhem and cats and dogs sleeping together.

If @stake hadn't jumped the gun, we'd have seen a press release some time next week on Apple's site about the security flaws, with a fix, and with credit to @stake for finding them. How do I know this? Because it's what they've done every other time, including with 10.1 after 10.2 was released!

Re:Apple DID NOT initially plan to patch Jaguar

[MoneyT]

One person's "initial conversations" That could have been as simple as him calling tech support and asking the question. Or asking one of the employees at the apple store. Not everyone in Apple knows everything that's going on at every minute.

Re:Apple DID NOT initially plan to patch Jaguar

[Lars+T.]

Unlike Apple, however, MS didn't make NT 4.0 users wait until after Win2k shipped before bothering to release the fixes for NT 4.0. Jaguar users shouldn't have had to wait until after Panther shipped to get those security fixes.

Well, genius, will you give your time-machine to Apple so they can send the fix back to before they A) shipped Panther and B) were informed of the bug after A)? As for Microsoft, they sure as hell fixed bugs in NT 4 after Win2k shipped, as well as after XP shipped - and NT4 is EOL, so they won't fix any more bugs that are found, and there will be more bugs found in NT4.

Re:Apple DID NOT initially plan to patch Jaguar

[MoneyT]

Even the statement "I don't know of any plans to patch" could easily have been translated as a no by anyone. Corporate and government doublespeak often use "I don't know of any plans" to say no, but cover their ass if plans change. But since there was no official statement from Apple, he spoke to one person, and could not even provide a direct quote, I would take the statement with a grain of salt.

It's not different than the "anonymous sources close to the whitehouse said..." those sources could just have easily been the president or the janitor. That is why you should take anonymous statements with a grain of salt.

No one is trying to rewrite history, as there was no definative statement from Apple.

Sensationalism?

[Mikey-San]

I only have a simple question, really:

If the original story, about Apple not fixing security holes in Jaguar, made the front page, why didn't this?

Fox^H^H^HSlashdot: Fair and Balanced.