Critical security warning issued for Mac OS X 10.5 Leopard

Computerworld reports that security researchers from CoreLabs have publicly released details on a critical security flaw in Mac OS X 10.5 Leopard, an older version of the Mac's operating system. Curiously, the security flaw in Leopard is quite similar to a flaw we reported on back in August, which allowed easy-as-pie browser-based jailbreaking of iOS devices.

CoreLabs became aware of the flaw in Leopard and informed Apple only a couple weeks after Apple patched a similar hole in iOS 4; according to those same researchers, Apple has had more than enough time since then to patch the flaw in Leopard. That the flaw remains unpatched was the researchers' motivation for sounding the alarm publicly.

The current version of Mac OS X, 10.6 Snow Leopard, is not vulnerable to this exploit. Those using Mac OS X 10.5 Leopard will remain vulnerable until Apple offers a security update for the older OS, which theoretically should be coming soon (reportedly, Apple has developed a patch and is simply waiting to release it). As it stands now, the flaw could potentially expose Leopard systems to malware or remote attacks. More specific information is available on CoreLabs' website.



20 Comments

lotv

The security update for Leopard has been released.

November 11 2010 at 2:35 AM
alansky

The question is not what version of OS X people are running, but whether they have the sense God gave a turnip. The exploit in question, like virtually all reported OS X exploits, requires the user to do something stupid. With or without a security patch, the best protection is to think before clicking.

November 10 2010 at 1:31 PM
ikir

Not upgrading to Snow Leopard is just stupid, if possible naturally. I'm sure Apple will release a security fix.

If you are still on Leopard and using an Intel machine... believe me 29€ are worth a fantastic update.

November 10 2010 at 8:28 AM
1 reply to ikir's comment
vandil

Snow Leopard is not an option for PowerPC users. But there's also got to be a small number of Intel Mac users out there who explicitly need Leopard for some programmatic or development reason.

Heck, there's still people running Tiger so they can run Classic for Quark Xpress 4.x for newspapers and such.

November 10 2010 at 1:22 PM
David Frantz

One thing here that I question is this idea that Apple should be offering security patches on five-year-old OSes. Sorry folks but that is way too old in computer time. Apple needs to keep up to snuff one OS revision back from the front. At Apple's current rates of development that means about four years out of an OS release. For maintenance of code four years is a very long time.

On the other hand I have to agree that Apple has to be more responsive to security issues and bugs for software it is maintaining. I'm actually hoping that app store for the Mac will go a long way to improving this situation. That is the OS ought to be broken down into pieces (where it makes sense) so that updates are constant. What I'm talking about here are apps like Mail, Safari, iCal, Preview, Text Edit and others that are apps yet part of Mac OS. Some like Safari already have update programs but I'm looking at the whole picture here. Of course things like system libraries are trickier but apps and utilities are a different story.

This would make maintenance something like on Linux systems. One central location for up to date code. This could be a huge win for Apple. I know we don't have all the details yet and there are a lot of fears expressed in the community but an app store could be an excellent enhancement for the system.


November 10 2010 at 8:01 AM
4 replies to David Frantz's comment
vandil

Or maybe Apple is still doing QA on the patch and the patch isn't yet up to their QA standards for release yet and CoreLabs are being jerks about this for free media attention. Occam's razor, folks.

November 10 2010 at 6:44 AM
1 reply to vandil's comment
TIm

Sorry. But two months after they fixed the bug in other systems? You have to really believe in the good in this world in order to believe this.
And Apple has not exactly a great reputation when it comes to fixing bugs, especially in older systems anyways.

T

November 10 2010 at 7:24 AM
Joseph Le Brech

It's kind of a clever, yet dangerous tactic to leave the patches till the threat gets a bit more serious.

Who in their right mind would work hard to exploit a bug to create a virus for it to be thwarted on day one by something up Jobs' sleeve?

November 10 2010 at 4:14 AM
1 reply to Joseph Le Brech's comment
woody

No. It's not a trick - it shows a complacency about security.

November 10 2010 at 4:56 AM
Anthony

Why should users have to wait for a security update roll-up to patch a critical vulnerability? Why can't it just be released immediately? I'd much rather have security patches rolled out to me immediately instead of waiting until the end of the month or quarter. Is it just a smokescreen to say "Ha! We're more secure than Windows! We don't push out nearly as many security patches as Microsoft does."? No, that's just one giant mega-patch for a hundred different vulnerabilities. I always preferred "patch Tuesdays" to this. Besides, wasn't iOS 4.0.2 released back in August? They've had since at least the beginning of September to work on a patch for this vulnerability.

November 10 2010 at 1:07 AM
mohaas05

I would think the only people still running Leopard would be PPC users. Would an exploit for this have to be coded for PPC as well?

November 09 2010 at 10:55 PM
5 replies to mohaas05's comment
© 2012 AOL Inc. All Rights Reserved.