Photo (cc) by Kansir
It was a long four days for Mac users waiting for Apple Inc. to issue a fix for a critical security flaw in Macintosh computers.
The security bug, dubbed “gotofail,” left users vulnerable to account hijacking and potential eavesdropping, CNET says.
The fix for the OS X operating system, issued on Tuesday, follows an iOS fix issued for iPhones last week.
That caused many to wonder: What the heck took so long? And how about a detailed explanation?
“Instead, it’s been left to journalists … and outside security researchers … to explain what’s happening in blog posts as well as tweet advice out to alarmed Macheads lucky enough to be on Twitter to see it,” Kashmir Hill wrote on Forbes.
By not releasing the iOS and OS X fixes simultaneously, Apple left laptop and desktop users vulnerable during that time, and left security experts aghast at the company’s delays. Ryan Lackey, a longtime Apple user who founded CryptoSeal, said on Twitter yesterday: “Whoever at Apple decided to wait 4+ days for 10.9.2 to patch the OSX vulnerability needs to no longer be in that position.”
How long has this flaw been around? Apple’s not answering that either. Says Reuters:
“Researchers have said the bug could have been present for months. Apple has not said when or how it learned about the flaw in the way iOS handles sessions, in what are known as secure sockets layer (SSL) or transport layer security. Nor has it said whether the flaw was being exploited.”