Originally Posted by morantis
It is a little silly to assume that because a vendor does not choose my particular app or software that they are not taking care of a certain issue.
It's even sillier to assume they are taking care of the issue given their track record. Let's hope that, following two previous major security incidents, Apple will be more proactive instead of delayed reactive.
Mene, Mene, Tekel, Upharsin.
An example of Apple’s nonchalant approach to security is the 2009 OS X Java vulnerability that allowed for remote code execution simply by visiting a webpage. This bug was promptly fixed by Java's creator, Sun Microsystems, but Apple left the vulnerability unpatched for more than six months.
This incident prompted Ira Winkler, CISSP and president of the Internet Security Advisors Group, who is considered one of the world's most influential security professionals, to write an opinion piece in Computerworld saying the FTC should investigate Mac security.
Apple's response to the 2012 OS X Flashback Trojan was essentially the same as the Java incident in 2009. As soon as Apple came to know about this malware attack, it should have informed its users and sent out some important directives to be followed for the users’ security, but it did not. Instead of hiding the security flaw, Apple should have informed owners on how to disable Java, which could have lessened the outbreak until a patch was released. In fact, this outbreak was even preventable because Oracle issued a patch for the vulnerabilities used by Flashback on February 17, but updates weren’t made available to Mac users until April 2.