www. O S N E W S .com
News Features Interviews
BlogContact Editorials

Apple quickly fixes severe security flaw in macOS
By Thom Holwerda on 2017-11-29 23:45:16

So there's been a big security flaw in Apple's macOS that the company fixed in 24 hours. I rarely cover security issues because where do you draw the line, right? Anyhow, the manner of disclosure of this specific flaw is drawing some ire.

Obviously, this isn't great, and the manner of disclosure didn't help much either. Usually it's advisable to disclose these vulnerabilities privately to the vendor, so that it can patch any holes before malicious parties attempt to use them for their own gains. But that ship has sailed.

I've never quite understood this concept of "responsible disclosure", where you give a multi-billion dollar company a few months to fix a severe security flaw before you go public. First, unless you're on that company's payroll, you have zero legal or moral responsibility to help that company protect its products or good name. Second, if the software I'm using has a severe security flaw, I'd rather very damn well please would like to know so I can do whatever I can to temporarily fix the issue, stop using the software, or take other mitigating steps.

I readily admit I'm not hugely experienced with this particular aspect of the technology sector, so I'm open to arguments to the contrary.

49  Comments - Printer friendly - Related stories
Recent related stories
- Reverse engineering the macOS High Sierra supplemental update - 2017-10-09
- Apple open-sourced iOS and macOS kernel for ARM - 2017-10-02
- Apple releases macOS High Sierra - 2017-09-26
- Apple sets release dates for macOS High Sierra, iOS 11 - 2017-09-12
- "We need to document macOS" - 2017-08-13
- More related articles
 

Tell a friend
Your full name:
Your email address:
Your friend's email:
Anti-spam measure:
5+2=

News Features Interviews
BlogContact Editorials


WAP site - RSS feed
© OSNews LLC 1997-2007. All Rights Reserved.
The readers' comments are owned and a responsibility of whoever posted them.
Prefer the desktop version of OSNews?