Apple keeps critical security fixes to itself
Apple has released updates for two widely distributed products that harbored a raft of security vulnerabilities, some of which were actively being exploited by miscreants. Unbelievably, the company isn't presenting either as a security fix to mainstream users despite the risk the bugs pose for its millions of users.
Update
Several reader comments have claimed there are factual inaccuracies in the above story. For support, these readers point to the security alert Apple provides for QuickTime 7.3.1 for Mac. It's great Apple is warning that its latest QuickTime for Mac fixes security bugs. Two facts remain:
1) As the screenshot to the right makes clear, Mac users who don't read tech pubs have no reason to believe the latest Java update has anything to do with security. A reasonable person could read that alert and think there's no real rush in installing the patch.
2) The alert PC users get for QuickTime 7.3.1 similarly makes no mention of security issues. This omission is bad for the same reason.
3) The comment that these vulnerabilities only crash Macs is flat-out wrong. Hell, even Apple plainly admits these vulnerabilities allow remote execution of arbitrary code, and private researchers have also written exploit code that demonstrates this.
http://www.theregister.co.uk/2007/12/15/apple_security_fixes/