Serious security holes fixed in Opera - but Mac App Store users left at risk again

Filed Under: Apple, Featured, Malware, OS X, Vulnerability, Web Browsers

Opera and App StoreOpera has released a new version of its web browser - version 12.13 - and recommended that users update their installations to benefit from a series of security fixes as well as the usual "stability enhancements".

Version 12.13 of Opera for Windows, Mac and Linux is available for download from the Opera website, and you can read about the fixed security issues (including a high severity vulnerability that could be exploited to cause the web browser to crash, and in some cases execute arbitrary code such as malware, and another about how Opera handles boobytrapped SVG files) in their changelog.

It should go without saying that if you use Opera, you should update to version 12.13 as soon as possible.

But... what if you didn't get your copy of Opera from the official website?

What if, instead, you acquired your version of Opera for Mac from Apple's Mac App Store?

Old version of Opera in Mac App store

Well, bad news folks. Because at the time of writing the new, freshly fixed version of Opera isn't available for you.

The Mac App store still has version 12.11 of OperaWorse still, the version of Opera in the Mac App Store is still stuck at version 12.11.

Which means that Apple hasn't even updated it to version 12.12 which came out on the 18th December 2012! Who knows when Apple will get around to protecting those poor App Store customers with version 12.13...

In short, the version of Opera on the Mac App store is now a full two versions out of date.

The Mac App Store may be a convenient one-stop-shop for Mac users to get their software from, but it sure does a poor job at keeping that software up-to-date and ensuring that users are protected against the latest vulnerabilities.

Apple's promotion of App Store updatesAnyone who is relying on the App Store to keep their Opera browser updated, and free from security vulnerabilities is being let down badly.

As researchers like Josh Long have described before on Naked Security, the problem here is that Apple is taking too long to approve software it posts into its App Store - making its promise that the App Store "keeps track of your apps and tells you when an update is available" and that "you'll always have the latest version of every app you own" a joke.

My advice to Opera users is to not get their software from the Mac App Store. Get it directly from Opera's own website instead.

Some software, such as internet browsers, are simply far too risky to use if you can't trust them to be the very latest version.

By the way, isn't it a good thing that Mac users don't have to rely on Apple for updates to Java anymore?

, , , ,

You might like

2 Responses to Serious security holes fixed in Opera - but Mac App Store users left at risk again

  1. Nigel · 597 days ago

    What is happening with Apple? The search functions are scandalously lame (try finding an invisible file), and this business of hiding the user Library (starting with Lion) is idiotic.

    The first time I used Mac App Store I was horrified at how little control over the management of my applications it actually leaves to me. The only time I have used it since then is when a developer offers no other option. Fortunately, that rarely happens.

    This nonsense of not having the most recent versions is just another FAIL in Apple's increasing trend to dumb down Mac users.

  2. Bob · 596 days ago

    I'm indebted to you and Naked Security for the Opera update warning. Automatic updates are enabled but my Opera version is still 12.12. Search For Updates tells me I have the latest version, as did Qualys.com browser checker. I go to the Opera site manually and it invites me to download the latest version, 12.13. Why is Opera leaving me unprotected? Not happy.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.