Apple Safari 4.0.3. Is it a 'haphazard' security update?
Apple is updating its Safari web browser on both Mac and Windows platform to version 4.0.3. The new browser releases fixes at least 6 different security issues that could potentially expose users to risk.
The Safari 4.0.3 update follows a Mac OS X 10.5.8 update by a week, which has caused one security analyst to label Apple's software update process as occurring,"...at a haphazard pace."
"This release makes the contrast between the security processes of Microsoft
and Apple even more stark," Andrew Storms, director of security operations for
nCircle, said in an e-mail sent to InternetNews.com. "Microsoft's release was planned, but Apple's updates
seem to arrive at a haphazard pace."
I personally disagree with Storms' comments. As a Linux user myself, I'm used to getting updates, when updates are needed and available and not at some arbitrary monthly level. Certainly the Safari browser is an integral part of the Mac OS X experience but it is also a standalone application that has millions of Windows users too, that don't necessarily need to be tied to the Apple OS X updates.
Looking at the Safari 4.0.3 update itself, two of the fixed issues - one for ImageIO and one for CoreGraphics - are both malicious image issues for Windows users. Similar issues were fixed in Mac OS X 10.5.8 itself at an operating system level and not the browser level.
Additionally, Safari 4.0.3 includes, three advisories for issues affecting its WebKit rendering engine. WebKit is a technology also used by Google Chrome and as such, I suspect that there is a level of what I will call 'developer diplomacy' that Apple needs to navigate in order not to expose other WebKit users to risk pre-maturely.