| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Oct 2003 20:30:05 -0500 From: "Joshua Levitsky" <jlevitsk@...hie.com> To: "Thor Larholm" <thor@...x.com>, <bugtraq@...urityfocus.com> Subject: Re: Mac OS X vulnerabilities ----- Original Message ----- From: "Thor Larholm" <thor@...x.com> Sent: Tuesday, October 28, 2003 2:23 PM Subject: Re: Mac OS X vulnerabilities > When most vendors are notified of security vulnerabilities in their products, > they produce a patch for the affected versions of the software and distribute it > for free. Does Apple plan to distribute a free patch for these security > vulnerabilities to Mac OS X 10.2, or will my clients have to spend $129 per > workstation (the single user upgrade price) to have their Apple computer stay > secure? This is the first line of the APPLE-SA-2003-10-28 Mac OS X 10.3 Panther email sent to the Apple Security list today.... "Mac OS X 10.3 Panther has been released, and it contains the following security enhancements:" That sounds like they expect you to upgrade. Time will tell of course. Apple has only had a real OS for about a year or so. (Everything before 10.2 was unusable and certainly Mac OS 9.x was a childrens toy, not an OS.) If Apple is responsible then we should see 10.2 patches backported. I think it's reasonable that 10.3 patches come, and then 10.2 patches, and Apple should have some Life Cycle policy to say if everything before 10.2 is EOL or not. It's all a new world with Apple. Let us hope that they do not let us down. -- Joshua Levitsky, MCSE, CISSP System Engineer Time Inc. Information Technology [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
Powered by blists - more mailing lists