Today Apple has released a new version of its desktop operating system, OS X 10.9.3, but offered the barest of details regarding what the minor update actually fixed.
The OS X Mavericks 10.9.3 Update is recommended for all Mavericks users. It improves the stability, compatability, and security of your Mac.
* Improves 4K display support on Mac Pro (Late 2013) and MacBook Pro with 15-inch Retina Display (Late 2013)
* Adds the ability to sync contacts and calendars between a Mac and iOS device using a USB connection
* Improves the reliability of VPN connection using IPsec
* Includes Safari 7.03
Sure, it's great (for those few people with 4K displays) that they'll get snazzier looking images.
And I'm delighted for those people still in the dark ages and want to sync their Mac and iOS calendars and address books via a USB connection rather than this thing called the Internet. (Apparently this feature was available in OS X pre-Mavericks, so I suppose some people must have a reason to use it.)
But what I'm really interested in is whether Mac OS X 10.9.3 fixes any security issues. And, in particular, whether in this version of its desktop operating system Apple has fixed vulnerabilities that still remain in its mobile iOS platform.
That was the problem brought to light a few weeks ago, when Apple issued fixes in iOS 7.1.1 that had been previously fixed in the OS X version of Safari a full three weeks earlier.
As I wrote at the time:
"Every time Apple treats its smartphone and tablet customers as poor relations when it comes to security, they are putting millions of users at risk."
Apple's knowledgebase claims OS X Mavericks 10.9.3 "includes the security content of Security Update 2014-002." Good to know, but that was the security update Cupertino issued back on April 22nd. So anyone who has been keeping on top of their Apple Mac security will have already (hopefully) applied that.
Is there nothing else in the way of security?
In hope of an answer, I re-read Apple's description of the update:
For detailed information about the security content of this update please visit: http://support.apple.com/kb/HT1222
As you can see, Apple provides a link for further information about the update's security content. But guess what? At the time of writing, if you click on the link you'll find nothing. As normal, Apple is dragging its heels about posting information about the nature of this security update - leaving the very people who are perhaps keenest to make informed decisions about the importance of updating sooner rather than later in the dark.
Hopefully in a few hours, Apple will actually post some more information about the security-related content in this update for those people who are interested.
But I find it astonishing to believe that a company which prides itself on slick launches and presentation fails every time to release security information in a co-ordinated fashion.
I would like to think that the only true security updates (beyond the improved VPN support for those with IPsec connections) in OS X 10.9.3 are those already covered by Security Update 2014-002 last month. But, because they have dawdled in releasing information, I'm somewhat left in the dark.
If you believe you know, definitively, what security issues Mac OS X 10.9.3 fixes, or if you have an opinion on how Apple releases security updates - why not leave a comment below?