Apple lags MS in security response

Fear of a Black Hat

By John Leyden • Get more from this author

Posted in Enterprise Security, 31st March 2008 09:16 GMT

Free whitepaper – Avoiding 7 common mistakes of IT security compliance

Apple is trailing way behind Microsoft in security patch responsiveness, according to a study by security researchers.

Stefan Frei and Bernard Tellenback of the Computer Engineering and Networks Laboratory (TIK) at the Swiss Federal Institute of Technology, analysed several years of vulnerability disclosures and patching processes from various vendors.

They found that Apple is getting worse at dealing with security problems while Microsoft is improving. Apple is experiencing more vulnerabilities, longer patching times, and more attacks on unpatched vulnerabilities, according to the duo.

Frei and Tellenback presented their findings at a presentation entitled 0-day Patch – Exposing Vendors (In)Security Performance at last week's Black Hat conference in Amsterdam. A copy of the presentation can be found here.

Colleagues of the duo reckon Apple's antagonistic attitude with security researchers is one of the reasons for its poor response.

"While I think that there are quite a few reasons why this is probably so, I’d be inclined to say that Apple’s biggest problem appears to be that they treat every new vulnerability as a potential PR disaster rather than an opportunity to visibly reinforce their work in securing their customers," writes Gunter Ollman of IBM's X-Force.

"In recent times this has most critically been reflected in the way Apple works with security researchers." ®

Free whitepaper – Certify your software integrity with Thawte code signing certificates