C'mon Apple.. This is (as far as i understand) a one-liner fix! In opensource land this would be fixed and packag-manager-updatable in less then 24hrs. Probably less then 6.
The fact that it takes sooo long, and that the fix will be bundled in a blob with all sorts of other "fixes" gives me the feeling that one attack-vector cannot be closed until another is available. I got this feeling years back when a huge back-door-enabling was not closed for months until big fat service pack was issued that "fixed" it (amongst fixing a million+1 other things; probably opening the next attack-vector).
Consider that this fix doesn't just remove the goto, it enables code that previously wasn't being run or tested. They need to verify that it works and doesn't segfault, otherwise important services (like the update system itself) could end up being broken. This includes testing on all Macs that can run Mavericks, which is a larger and more complex set of hardware then iOS.
This. Apple caters to millions and millions of people, acting rash and pushing out a fix that's not thoroughly tested could cause a lot of damage to their brand. The sad fact is the majority of people wont/don't care about this issue so it's not in apple's best interest to push out a fix that isn't thoroughly tested.
Please, stop it with the strawmans. Microsoft can push an update like this in a day, and Windows runs on .. well every hardware ever made to run anything.
Umm...they can? Do you have any examples of this? All this time, has it just been that Windows security vulnerabilities have been found on the second Monday of every month?
> Consider that this fix doesn't just remove the goto, it enables code that previously wasn't being run or tested.
Good point. Still the update will likely come as part of a large blob.
Finally, I'm just disagreeing with the "tech savvy" crowd going en-masse for Apple products. OSX is a huge step fwd to Windoze in terms of internal software architecture -- yet it carries the same risk as it is proprietary and closed in parts that are critical to its security.
Yes Mr IT-geek; your MBP is probably rooted from the moment you opened the box.
I'm not 100% sure, but I think that the Mac update system actually uses this code - if it starts failing they can't send out any more signed updates to people. Far better to wait one or two days more to make sure that you're not about to break some of the more important functionality in the OS, I would think.
C'mon Apple.. This is (as far as i understand) a one-liner fix! In opensource land this would be fixed and packag-manager-updatable in less then 24hrs. Probably less then 6.
That was my first thought as well, but on reflection this sort of logic has a certain "quality." (Yes, that's a reference.)
The fact that it takes sooo long, and that the fix will be bundled in a blob with all sorts of other "fixes" gives me the feeling that one attack-vector cannot be closed until another is available. I got this feeling years back when a huge back-door-enabling was not closed for months until big fat service pack was issued that "fixed" it (amongst fixing a million+1 other things; probably opening the next attack-vector).
Call me paranoid.