Yesterday, both Apple and Microsoft issued whopper security patches. The way they were handled shows that Apple has a lot to learn from Microsoft about security. Here are the four most important lessons.
Patch it faster
As this latest patch shows, Apple is very slow at fixing security problems with Mac OS X. Two of the security problems were big ones, uncovered in March at the “Pwn2Own” annual hacking contest sponsored by 3Com’s TippingPoint. Waiting two months to fix the problems is simply too long. On March 27, Mozilla fixed the security problem found with Firefox. And it turns out that the version of Internet Explorer 8 hacked at the conference wasn’t final, and the final version of IE 8 wasn’t vulnerable.
The Apple patch fixed a total of 67 bugs. The Microsoft one fixed only 14. The reason? Microsoft issues these patches regularly, so they’re out the door as quickly as possible. Apple waits far longer, and issues them in a bigger batch.
According to Computerworld, many of the patches were related to open source applications or components integrated with Mac OS X, such as the Apache Web server and the WebKit browser rendering engine. Andrew Storms, director of security operations at nCircle Network Security, said that he had seen patches for those security holes issued for Linux nearly half a year ago, in December. Yet Apple waited until May to fix them.
Storms also said that Apple should follow Microsoft's lead and issue patches more frequently. Here’s what he told Computerworld about Apple waiting longer than Microsoft to issue patches: