Serious security holes fixed in Opera – but Mac App Store users left at risk again

Serious security holes fixed in Opera - but Mac App Store users left at risk again

Opera and App StoreOpera has released a new version of its web browser – version 12.13 – and recommended that users update their installations to benefit from a series of security fixes as well as the usual “stability enhancements”.

Version 12.13 of Opera for Windows, Mac and Linux is available for download from the Opera website, and you can read about the fixed security issues (including a high severity vulnerability that could be exploited to cause the web browser to crash, and in some cases execute arbitrary code such as malware, and another about how Opera handles boobytrapped SVG files) in their changelog.

It should go without saying that if you use Opera, you should update to version 12.13 as soon as possible.

But… what if you didn’t get your copy of Opera from the official website?

What if, instead, you acquired your version of Opera for Mac from Apple’s Mac App Store?

Old version of Opera in Mac App store

Well, bad news folks. Because at the time of writing the new, freshly fixed version of Opera isn’t available for you.

The Mac App store still has version 12.11 of OperaWorse still, the version of Opera in the Mac App Store is still stuck at version 12.11.

Which means that Apple hasn’t even updated it to version 12.12 which came out on the 18th December 2012! Who knows when Apple will get around to protecting those poor App Store customers with version 12.13…

In short, the version of Opera on the Mac App store is now a full two versions out of date.

The Mac App Store may be a convenient one-stop-shop for Mac users to get their software from, but it sure does a poor job at keeping that software up-to-date and ensuring that users are protected against the latest vulnerabilities.

Apple's promotion of App Store updatesAnyone who is relying on the App Store to keep their Opera browser updated, and free from security vulnerabilities is being let down badly.

As researchers like Josh Long have described before on Naked Security, the problem here is that Apple is taking too long to approve software it posts into its App Store – making its promise that the App Store “keeps track of your apps and tells you when an update is available” and that “you’ll always have the latest version of every app you own” a joke.

My advice to Opera users is to not get their software from the Mac App Store. Get it directly from Opera’s own website instead.

Some software, such as internet browsers, are simply far too risky to use if you can’t trust them to be the very latest version.

By the way, isn’t it a good thing that Mac users don’t have to rely on Apple for updates to Java anymore?