14 DAY TRIAL // Security software firm Sophos is accusing Apple of neglecting Safari users running OS X Snow Leopard and Windows, pointing out to over a hundred unpatched vulnerabilities in the company’s web browser.
With the release of OS X Mountain Lion this month, Apple rolled out the latest version of its standard web browser, Safari 6.
The software delivers a bunch of new features that make web surfing a lot better, as well as 121 individual patches for the latest security holes.
All good efforts on behalf of the Cupertino giant, except the security side of the update should have made it into older versions of Safari on Snow Leopard and Windows machines as well, according to Joshua Long writing over at Sophos’ Naked Security blog.
“Last year on Lion's release date, Apple released Safari 5.1 for Snow Leopard and Windows to bring them up to par with Lion's new version of Safari,” Long writes. “On the same day, Apple also released Safari 5.0.6, a security-only update, for Mac OS X Leopard, which was then two OS versions old.”
“So given Apple's history, and given that Safari 6 included such an extremely high number of critical security updates, one might expect Apple to release updates for Windows and Snow Leopard too - right? Wrong,” says Long.
The security researcher explains that Apple this year failed to release security updates for Safari for either Snow Leopard or Windows to coincide with the release of Safari 6.0 in Mountain Lion.
“While it may seem plausible that Apple could be waiting to release security-only updates at a later date, Apple dropped a major hint that this is unlikely, at least as far as the Windows version is concerned,” he explains.
On the main Safari page, Apple’s fine print says, “Tthe latest version of Safari is available in Mountain Lion. The latest version of Safari for Lion is available through Software Update.”
So while OS X (10.7) Lion users can install Safari 6.0 manually to apply the security fixes, “there's no mention of Windows or Snow Leopard,” reports Long.
“Frustratingly, there's no warning in either the browser itself or Apple Software Update on either platform that Safari likely won't be updated. Users have no way of knowing that their browser has at least 121 unpatched vulnerabilities and is no longer safe to use,” he points out.
“This,” Long concludes, “leaves Safari users on those platforms more vulnerable to attack.”