Last week, Apple released a new version of its Mac operating system, OS X Mountain Lion. One of Mountain Lion’s new features is Safari 6, which adds new features including the ability to enable Do Not Track from the main Preferences window.
Apple also released Safari 6.0 for Lion, the previous version of Mac OS X.
According to Apple’s page detailing the security content of this update, Safari 6.0 contains fixes for a whopping 121 vulnerabilities.
Last year on Lion’s release date, Apple released Safari 5.1 for Snow Leopard and Windows to bring them up to par with Lion’s new version of Safari. On the same day, Apple also released Safari 5.0.6, a security-only update, for Mac OS X Leopard, which was then two OS versions old.
So given Apple’s history, and given that Safari 6 included such an extremely high number of critical security updates, one might expect Apple to release updates for Windows and Snow Leopard too – right?
Unfortunately, Apple did not release security updates for Safari for either Snow Leopard or Windows to coincide with the release of Safari 6.0.
While it may seem plausible that Apple could be waiting to release security-only updates at a later date, Apple dropped a major hint that this is unlikely, at least as far as the Windows version is concerned.
Apple now redirects www.apple.com/safari/download – the former download address from which the current Windows version could be obtained – to the main Safari page.
And on that webpage, the fine print states,
"The latest version of Safari is available in Mountain Lion. The latest version of Safari for Lion is available through Software Update."
There’s no mention of Windows or Snow Leopard.
Frustratingly, there’s no warning in either the browser itself or Apple Software Update on either platform that Safari likely won’t be updated. Users have no way of knowing that their browser has at least 121 unpatched vulnerabilities and is no longer safe to use.
This, of course, leaves Safari users on those platforms more vulnerable to attack.
It seems that many users who haven’t upgraded to Lion or Mountain Lion won’t know any better and will continue using Safari unaware of the risks.
The burden of informing those Safari users should really fall on Apple.
Last Wednesday I reached out to Apple for comment about Safari for Windows and Snow Leopard. So far I have not received a response.
I also inquired of Apple back in February whether any security updates would be released for Snow Leopard after the release of Mountain Lion. Again, Apple didn’t respond.
Unfortunately for Apple, ignoring security issues that affect a large percentage of users does not make the security issues disappear.