The flipside of this approach, of course, is that all Apple security updates – even comparatively unimportant ones that close off minor vulnerabilities that Apple itself discovered privately – feel like emergency updates, because they always arrive so suddenly and unexpectedly.

Why not play your cards close to your chest so you don’t inadvertently give the crooks a head start? So why give anyone, especially the crooks, advance warning of what’s coming?

(Bear in mind that, although all security vulnerabilities are exploitable in theory, many or most bugs that get patched are close to impossible to exploit effectively in real life – you might be able to figure out how to crash a program, for example, but not actually to take it over and implant malware or steal data.)

Generally speaking, finding vulnerabilities in a complex software bundle is much easier if you know roughly where to start looking, in the same way that it’s a lot easier to solve a crossword puzzle clue if you know the first letter of the answer.

The idea behind security patches that “just show up” is that as soon as any update is announced or published, crooks and legitimate researchers alike start trying to work backwards from the fix in order to figure out the details of the underlying vulnerability and how it might be exploited.

Interestingly, Apple says that the official reason for doing it this way, rather than having a more regular process that you can plan around, is: “For the protection of our customers”.
There’s no equivalent of Microsoft’s Patch Tuesday, which is a regular and predictable fixture in anyone’s cybersecurity calendar; there’s no “new version every fourth Tuesday” as there is with Firefox; there’s no predetermined quarterly schedule for patches as you get with Oracle’s products.

Apple’s approach is to keep everything under wraps until a working update is ready, and then to announce its patches at the same time that they are available for download: “Apple doesn’t disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are generally available.”

Apple, rather unusually in today’s cybersecurity world, rarely announces that security fixes are on the way.