On Friday, Feb 21st, 2014, Apple issued an update for iOS. Apple’s website noted a serious flaw in SSL. On Tuesday the 25th, Apple finally released an update for Mac OSX (10.9.2) to address the flaw. I do not know if other, pre 10.9 Mavericks versions of Mac OSX are getting this update, or if iOS 6 users are receiving patches.
Considering Microsoft has supported Windows XP for over a decade and is only soon about to pull the plug, I find it shocking that Apple would only push these patches on their very latest operating systems, considering the severity of the flaw.
I didn’t even put the meme text on there, you said it in your head
To make matters worse for Apple, a new keylogging vulnerability has been discovered in iOS. Long gone are the days of “that’s not our problem” for Apple product owners. Lots of people had the impression that Mac’s don’t get viruses, and few “regular people” even realize that their smart phone is an attack vector. As the platforms Apple produce grow in popularity, the size of the target on their back is bound to grow.
Although some things simply need to be patched to ensure you are protected, I would personally suggest Mac owners look to ESET Cyber Security or Cyber Security Pro for keeping yourselves safe. That is my personal, unsolicited recommendation. But a bigger deal is the fact that Apple only seems to update their operating systems when they have new features to unveil. They roll their large security fixes into these feature packed releases. It is time for Apple to adopt a more Microsoft-like approach with regular patching intervals.
I’m always surprised to learn that people still haven’t seen the pattern. Microsoft created Patch Tuesday back in 1998. With some more crucial patches being released “Out of Cycle” – the majority of fixes on Windows operating systems since the late 1990’s have been delivered via “Patch Tuesday.” The 2nd Tuesday of every month is when Microsoft releases Windows Updates as well as updates for their other major products, like Microsoft Office. Windows Phone has yet to adopt this sort of rigorous release schedule, but that leaves it on par with all major mobile OS’s. Apple’s iOS sees frequent updates, but certainly not what one would call “regular” updates, just as with their desktop environment. Just today, ZDNet’s Larry Seltzer mentioned several vulnerabilities still present in various versions of OSX, from Lion to Mountain Lion to Mavericks. Leopard and Snow Leopard appear to be out entirely in the cold, at this point.
Windows users aren’t safe, though. This doesn’t mean all of the attention is shifting to Apple owners. There are so many attack vectors on Windows (thanks to 3rd party applications like Java and Flash) that Windows is still pretty ripe for attack. And I still expect a firestorm to come in April. Let’s be honest, if I were a hacker and I had an exploit for Windows XP, I would be sitting on it right now. Wait until Windows XP is officially End of Life’d and then release my creation into the wild. I expect a deluge of new Windows XP-targeting attacks this April, it only seems logical.
Still, as the large thumb print of Apple grows, and literally as the device starts to learn your thumbprint, the desire to intercept information on your iPhone is going to grow and grow. You can bet that hackers are still trying to find the best way to achieve their goal, but that anything and everything will be tried. Fake web pages, old fashioned exploits, and even apps that sneak through approval process and into the iTunes App Store and get approved will exist in the coming months and years. Hopefully, though, the technology industry has learned, and things don’t end up as bad as they were in the Windows world ten years ago (when tech-savvy alone wasn’t enough to protect you, you had to have an antivirus program!).
If all of this isn’t enough to make you worry, just remember that even your routers are under attack.