The iTunes 11.2 Upgrade Fiasco Challenges Our Trust in Apple

| Editorial

The way Apple has handled the iTunes 11.2 upgrade bug that made the /Users folder invisible is troubling. It's a matter of concern how and why it happened, that an OS bug should be introduced in an iTunes update, and how Apple handled the fix.

____________________

First of all, it's very important for app updates to be completely orthogonal to OS operations. If there's a methodology in the script for an app update that affects the operating system, then the update process should come under considerably more scrutiny. It needs to be rethought.

Apple's QA process should have caught this. How can an engineer test the installation of a new version of iTunes and not test all the related areas? That is, users may not be aware of the impact of having Find My Mac (FMM) turned on, but OS engineers are expected to be aware of secondary effects via their expertise.

Customers have come to expect that with the maturity of a 13 year old OS, there is increasing stability in both the OS itself and install techniques. As we know, Apple has steadily added features to OS X over the years to make it more useful and compelling, but the underlying philosophy must always be a regard for the basics of OS integrity over novelties and added features.

It's been said that adding more programmers to a project doesn't speed up the work; it slows it down. But QA testing, painstaking work that it is, can always benefit from more experienced, curious, savvy testers. Letting the customers find terrible bugs in a new release is greatly damaging to Apple's image, much more so in magnitude than paying for additional tests.

Apple's Approach to Handling in Question

Of further concern is the way Apple handled the fix. Once it was understood how the iTunes 11.2 update, in concert with FMM, could cause an important system folder to become invisible, it would have been reasonable to surmise that a great many users were affected by this bug. Accordingly, it was disingenuous for the Mac App Store release notes for iTunes 11.2.1 not to mention that it fixed this specific problem that some users were having with the OS.

Instead, Apple quietly mentioned the issue in its Apple Product Security Notes—something that not many customers subscribe to—very late on May 16. Plus, there was a mention in an Apple support note, on the weekend, just to be all official. From the security note:

iTunes 11.2.1 is now available and addresses the following: A local user can compromise other local user accounts Description: Upon each reboot, the permissions for the /Users and /Users/Shared directories would be set to world-writable, allowing modification of these directories. This issue was addressed with improved permission handling.

1. When Apple makes a public mistake that affects OS usage, there should be a public acknowledgement, and the discusion shouldn't be directed off the beaten path. That just leads to a questioning of our trust in Apple.

2. When what is eventually characterized as a security snafu is identified, it shouldn't be rolled out in another iTunes app update that has nothing to do with the problem introduced with the OS. Does Apple routinely hold back a batch of minor update items for each app so that these kinds of errors can be covered up in an innocuous looking update? The list of changes in iTunes 11.2.1 certainly made it look like that.

There's feeling here at TMO is that this iTunes 11.2 affair was badly handled. An app installer that contained a bug that never should have affected the user's view of the OS was released simultaneously with an OS update. That led many to mistakenly suspect the OS X 10.9.3 update. Then, the problem wasn't acknowledged. Then an updated iTunes app was released, instead of a security update, that obscured the fix to the OS issue for the average user.

We have come to expect more from Apple.

Comments

compuser

I second your frustration with OS integrity being dependent on an app’s changes.  It’s similar to what Apple has done in Safari>Preferences>Reset Safari.  If you reset Safari and start up iTunes, you find that your iTunes Store login password was deleted from iTunes and you must reenter it.  If you’ve locked down cookies in Safari for whatever reason, you are subjected to repeating dialogue boxes asking for your iTunes password…entering which does not solve the problem.  It’s only if you remember that you tightened down on cookies in Safari and loosen the restrictions in that app that you can enter your Apple ID password in iTunes and it will accept it.

Mark Trencher

I approach many Mac upgrades with great trepidation. So many times there are problems, and when you look them online you you see that they are known problems that Apple has ignored. It really is not the old reliable and easy Apple any more.

Howie Isaacks

Big freakin’ deal! This was such a non-issue that I never even noticed it. Why don’t all you complainers just downgrade to Snow Leopard? Better yet.. go back to OS 9. Apple is not perfect. No one is. The people bitching and whining about this act as if the recent update rendered their Macs totally unusable. Starting with Lion, Apple started hiding the user Library folder. No one was harmed. By default, our Documents, and Desktop folders are loaded into the Finder sidebar. Most people don’t go straight to the /Users folder anyway.

jhorvatic

Everyone can make a mistake even Apple. It happens especially in computing. They fixed it. No harm done and making a big conspiracy out of it is just dumb. Nothing to see here, move along.

melgross

Compuser, of course when you reset a program you’re going to have to re-enter much information. What do you think reset means? That’s not an Apple fault, that a user’s lack of basic program understanding.

Adam Red Beard Page

Why do you expect apple to reveal to the world that users had open security exploits on thier machines before giving users time to install the update that fixed it. Maybe it was handled badly, but telling hackers that the buffet was open would not have benefit anyone.

BlackCorvid

I held off updating iTunes (as I usually do) and missed all the User folder fun. I have a problem since updating to 11.2.1 that is at least as disturbing. I subscribe to a podcast that provides weekly videocasts on a subscription basis and since installing 11.2.1 iTunes repeatedly forces me to login (and locks up iTunes until I do). Is anybody else having this problem?

Eva Brain

Given the premium consumers pay for Apple computers, perfection is something consumers should not only expect from Apple, it’s something consumers should demand. The Apple disciples need to stop making excuses every time their favorite company screws up and blows the dog!  Had a look http://bit.ly/1ngIPEi

Fiorentino Iantosca

I’ve been in Quality Assurance since 1996. This is an epidemic across all large software companies. QA always takes a back seat and/or is offshored for cheap labor. It’s been going on for years. Companies outputting software that is not fully ready and allows users to ultimately do the testing. It’s ridiculous and customers should be holding these companies accountable.

vpndev

Howie - you’re right that most people don’t deal with the /Users folder. But that doesn’t mean that no-one was affected. I saw a number of reports of app failures because the permissions had changed.

Constable Odo

I know there are people saying that as much as they have to pay for Apple products, those products should be perfect and never have any problems.  Oh, well.  Good luck with that sort of expectation.  I figure something is always going to slip through the cracks and since no major harm was done I suppose it’s business as usual for Apple.  I’m fairly certain every company has some trials and tribulations to overcome and Apple is no different.  Wealthier than most but they still can make mistakes.  I never noticed there was a problem with iTunes 11.2 so I guess I was just lucky.  I installed iTunes 11.2.1 and as far as I’m concerned everything seems is just fine.

YodaMac

Sorry, but I fall in the “meh” category of users on this one.  I read about the “invisible user folder” issue one day, then read about the fix apple supplied a day or so later (not sure of the dates) - I use my iPhone and iPad for most of my needs and by the time I got around to updating iTunes on my desktop it had apparently been fixed, so - no big deal.  Nothing was deleted, just hidden by a glitch.  Glitch was solved, nothing lost.  If we were still talking about this because NO FIX had been issued, then I’d be more on your side saying Apple was not handling it well.  But they solved it pretty dang quick.

J. Locke

First of all, nearly everyone who uses a Mac missed the intermediate iTunes update since Mac users are typically using their Mac to do something else with their life, not sitting around tech blogs waiting for the next update to be released.

Mac App Store auto update would not have updated to the intermediate fix because it typically waits a few days anyway. Apple issued a fix in less that 24 hours, I’m pretty sure. So if you missed the call to the technocrati from your favorite blogger to update iTune and Mavericks, chances are by the time you updated, you got the fixed version of iTunes anyway.

What WASN’T mentioned in this article is that _because_ the home directory had world writable permissions as a result of the iTunes bug, OS X’s logic _decided_ it should be hidden to mitigate the problem of interactive users clicking on bad things (like Kids seeing my Home directory from their account as an icon). So the OS responded the best it could to the situation, which Windows or even Linux would have just proclaimed “well you wanted it world writable, so here you go with your bad self.”

So ease off on the “shaken trust” in Apple. They made a mistake, that developer is probably Soylent Green by now powering the iCloud server farm, and the world order is restored.

Log-in to comment