C|Net: Apple Patches 10.3, Leaves 10.2 Users Out In The Cold

by , 8:00 AM EST, October 30th, 2003

Apple has produced a very stable, very secure operating system in OS X, but what happens when a new version comes out, like the recent OS X 10.3? According to an article at C|Net, OS X 10.2 users have been denied a security update, while users of the hot-off-the-presses version of the operating system were promptly given an update. The article also suggests that Apple may not be planning on offering much support for Jaguar, even on security issues that affect the OS. From C|Net:

On Tuesday, Apple released an advisory that indicate that the Mac OS X 10.3 upgrade--which adds an improved Finder menu, better synchronization of files and a tool to help users find a specific window on a crowded desktop--also includes more than a dozen "security enhancements."

However, Apple apparently doesn't intend to fix the flaws in previous versions of the software: Apple's Security Updates Web page doesn't list fixes for the flaws in Mac OS X 10.2 and earlier.

"It is not a friendly thing to tell your customers to shell out a lot of money to stay secure," said Thor Larholm, senior researcher for software security firm PivX Solutions. "It would be a dangerous precedent, if they did."

Apple declined comment.

You can read the full article at C|Net's Web site. Another article at eWeek has more details on the exact nature of the security holes, how they work, and how they can be taken advantage of by the bad guys.

The Mac Observer Spin:

Let us first make it clear that Apple has not said it will not support Jaguar. C|Net's article says that Apple has not yet provided a security fix for Jaguar for a problem that has been fixed in Panther. The article also points out that some other problems remain unfixed in Jaguar, but any conjecture that this is a matter of policy is at this point just that, conjecture.

Don't misunderstand us; this is a very important issue. Apple simply has to support an operating system that is barely one year old. Jaguar is likely to remain the OS of choice for a couple of million users, including those who will never upgrade (most normal computer users never upgrade their OS until or unless they buy a new machine), and those who simply feel no need to upgrade as of yet. Jaguar was a paid OS, and its users have a reasonable right to know that new security issues will be fixed in a timely answer. This is both a professional and ethical issue.

Many users have already pointed out that Microsoft typically supports an OS for five years, and we think that such a policy is indeed reasonable. Apple should do the same thing, or something close, and perhaps it will. Again, we simply do not yet know what Apple's intentions are in this regard.

One thing is certain, however; until Apple's policy is made clear, it is up to Apple's paying customer base to let the company know what it expects. No support after just one year is simply not acceptable. Hopefully, this will end up being much ado about nothing, with Apple fully intending to continue support for Jaguar.

C|Net