Not surprisingly, when Opera Software released the new version of its browser earlier today, Opera 11.50, it didn't make it to the Mac App Store.
You may recall that last month Opera 11.11 was released, and the version in the Mac App Store was two versions (and two months) old and contained a publicly-disclosed security issue rated as "critical." After contacting Apple and Opera, and after much press coverage thanks to my article warning users about the issue, Apple finally published the then-current version 11.11 in the Mac App Store.
Apple's Mac App Store is still distributing Opera 11.11, which is now outdated and publicly known to contain no fewer than three vulnerabilities, two of which have been publicly disclosed. One of the three vulnerabilities (the details of which have not yet been disclosed) is rated by Opera as "moderately severe," while Opera rates the severity of the two publicly-disclosed vulnerabilities as "high" ("Data URIs may be used to initiate cross site scripting against unrelated sites") and "low" ("Issue with error pages can cause a system crash").
Like last month, I notified both Apple's security team and Opera about the issue on the day of the new version's release. It will be interesting to see how long it takes Apple to approve the new version and begin distributing it in the Mac App Store; last time it took a full week after I notified Apple's security team about the issue.
If you missed my previous article on the subject, I recommended that if you have downloaded Opera from the Mac App Store, you drag the outdated copy of the application into the Trash and then replace it with a fresh copy downloaded from Opera's site at http://www.opera.com/download/
On an unrelated note, I have been doing a lot of research lately on the "Mac Defender" malware that has been causing a stir since the beginning of May. I am pleased to announce that I will soon publish my findings here on this site, so please subscribe to be sure you don't miss out on those details.
UPDATE, 6 July 2011: It took Apple just over a week after Opera released version 11.50 before the new version became available on the Mac App Store. Hopefully at some point Apple will begin to improve its app approval process to fast-track security updates, especially when vulnerabilities have been disclosed publicly or exist in popular software. For now, if an app is available directly from its publisher, it's probably a good idea to download it from the publisher's site rather than via the Mac App Store.
For more from the JoshMeister on Security, please subscribe via e-mail or RSS, or follow me on Twitter.
Tuesday, June 28, 2011