Apple

Apple Shocks Security World with Safari 5.1.8 for Snow Leopard

Posted on March 17th, 2013 by

Apple has a strange and inconsistent policy on security updates for Snow Leopard (aka Mac OS X v10.6.8), the now two generations old version of its OS X desktop operating system.

As I mentioned last year, Apple seemed to have stopped releasing security updates for Safari 5.1, the final major release of Safari for Snow Leopard and Windows.

Safari 6.0 was only available for Lion and Mountain Lion (OS X v10.7 and v10.8, respectively), and it patched a number of security vulnerabilities that had existed in Safari 5.1.7. Since then Apple released 6.0.1, 6.0.2, and then 6.0.3 this past week. Just over 200 vulnerabilities have been patched beginning with Safari 6.0 that apparently never made it into a Safari 5.1 update.

This past week, Apple finally (and very silently) bundled Safari 5.1.8 with the Snow Leopard version of Security Update 2013-001.

Safari 5.1.8 Screenshot

Strangely, Apple has not released any details whatsoever about this update on its Apple security updates page. There was no mention of Safari 5.1.8 in the Security Update 2013-001 article or in the Safari 6.0.3 article, and there was no separate article mentioning Safari 5.1.8 either. Thus it is unknown whether the 201 vulnerabilities patched between Safari 6.0 and 6.0.3 have also been patched in 5.1.8.

Meanwhile, Apple continues to leave users of Safari for Windows out in the cold. There is no update available via the Apple Software Update application on Windows—nor is there any warning that the outdated version 5.1.7 contains numerous vulnerabilities that make it unsafe to use.

No Safari 5.1.8 for Windows

Still no Safari updates for you, Windows users!

Apple is in desperate need of a consistent policy regarding security updates for its software. While Microsoft has a clear support lifecycle policy that includes publicly disclosed deadlines for each product, Apple seems to release updates for older versions of its software inconsistently, as evidenced by the disturbing 10-month gap in between Safari 5.1.7 and Safari 5.1.8 for Snow Leopard.

About Joshua Long

Joshua Long has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Business Administration and Computer and Information Security. Josh's research has been featured by many fine publications such as CNET, CBS News, ZDNet UK, Lifehacker, CIO, Macworld, The Register, and MacTech Magazine. Look for more of Josh's security articles at security.thejoshmeister.com and follow him on Twitter and Google+. View all posts by Joshua Long →

Join Our Awesome Email Newsletter

Enter your email address below to start receiving the best Mac Security Updates.

{"url":"\/marketo\/json\/add-to-newsletter","data":"list_name=Blog Roadblock"}