Mac App Store exposes users to security risks, claims researcher

If you are using the Apple Mac App Store you might be putting your computer's security at risk.

That's the finding of security researcher Joshua Long who has warned that the App Store has not published the latest versions of various applications, despite the fact they can include critical security updates.

Here's part of Long's warning:

Third-party Web browser maker Opera has released version 11.11 of its software, which fixes a "critical" security issue.

Mac users who have downloaded Opera through the App Store may find themselves using a copy of Opera that is now two versions old, 11.01, which was released back in March and is vulnerable to the security bug patched in 11.11.

Users who rely on the App Store to tell them whether their software is up-to-date may not be aware of the security risks and may continue to use an unsafe version of the Opera browser.

Long says that he contacted Apple and Opera about the issue. Opera replied saying that they were waiting on Apple to approve the next version of Opera for Mac (Apple's approval is necessary before anything gets posted in the Mac App Store).

Put in simple terms, Apple seems to be falling short of the promise it makes in its promotion of the App Store that it "keeps track of your apps and tells you when an update is available" and that "you'll always have the latest version of every app you own."

And it appears that Opera is not the only application in the Mac App Store that is out of date and might be vulnerable to security flaws. Long points out that Amazon's Kindle app in the App Store, for instance, hasn't been updated since January.

So, the key question is, how quickly is Apple going to approve the latest Opera update, and other software which might have been updated to secure against critical security vulnerabilities, for the App Store?

Because if Apple can't update software containing critical security patches to the App Store in a timely fashion, users might be wiser getting their software via a more conventional route - such as (in the case of Opera) a direct download from the vendor's own website.

Read more about the App Store issue in the article posted by Joshua Long on The JoshMeister blog.

3 Responses to Mac App Store exposes users to security risks, claims researcher

  1. I'd like to see the App store connect to normal Apple Update notices, plus scan all things purchased in the App store for updates. Expecting most users to open the App store when they aren't shopping for new things seems unrealistic.

  2. Stig Rudeholm says:

    Paul Graham wrote about this all the way back in November of 2009:
    http://paulgraham.com/apple.html

  3. dave says:

    That was the stupidest post I've read in a while. Every resold software package on earth large or small from any vendor is downloaded needing a minor update. Crap, my new computer needed a minor update long before I brought it home, while Windows updates its sorry ass practically every day.

    To say that the App Store delivers vulnerable software is a narrowly lensed commentary on the entire software reseller structure, and has nothing to do with the app store itself.

    Incredibly stupid post that would never have gained any traffic if it did not reference the Apple brand.

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com.