Month of Apple Bugs: a retrospective

Stephen Withers
Friday, 02 February 2007 10:05

Your IT - Home IT

Did anyone previously think or claim that Mac software was bug free whether it was written by Apple or third parties? I don't think so.

Is anyone surprised that small developers can release bugfix releases more quickly than Apple? They shouldn't be. The bigger you are, the more extensive testing is required. If Apple makes a change in QuickTime, for instance, it potentially affects many thousands of programs.

That also explains why the MoAB Fixes team were able to release patches within a few days even without the benefit of working from the source code. All they had to do was make sure each patch overcame the bug it was supposed to address. If that change broke a few well-known programs (not that any did, as far as I'm aware), it didn't really matter: people could uninstall the patch.

In any case, it's not that all the bugs were critical. I can't get excited about local privilege escalations, for example, as anyone with physical access to a Mac can boot from the Mac OS X installer disc and reset passwords. And for ordinary users, denial-of-service exploits are mostly irritations - having to force-quit Safari is a nuisance, but it's not as bad as having to do that to (eg) TextEdit when you haven't saved the file you're working on.

It's the remote or quasi-remote exploits that are the real worry, such as day 4's photocast exploit. Most of us are reasonably cautious about downloading software and reading suspicious emails, but viewing someone's photocast or opening a PDF file are supposed to be safe. Sure, this isn't the first-ever PDF exploit, but you know what I'm getting at.

So yes, the Month of Apple Bugs has drawn attention to the existence of flaws in Mac software, and maybe the platform isn't as secure as some people had liked to think. But where was the disclosure that knocked everyone's socks off?