SSL hell: Apple's software isn't good enough
25th Feb 2014 | 14:54
Time to double down on quality, Tim
Let's play word association. Insecure. Buggy. Arrogant.
Did you say Microsoft?
Bzzt! Wrong answer!
I'm talking about Apple.
As I write this, OS X users are still waiting on a patch for a critical security flaw that means online banking on a public network is a really bad idea.
We're hearing that the bug will be squashed in the forthcoming OS X 10.9.2 update, which apparently also fixes problems with Mavericks' Mail that cause messages to disappear for no good reason, along with multiple other bug fixes.
Meanwhile, iOS users are hoping that the forthcoming iOS 7.1 update will stop their devices rebooting all the time and sort the serious bugs in AirPlay mirroring.
Whatever happened to It Just Works?
The fix is in, eventually
In 2012, Tim Cook made a solemn vow: "We're going to double-down on secrecy on products." Perhaps he should have doubled down on staffing for Apple's software.
The current SSL problem is a particularly embarrassing one for Apple: having disclosed it but not fixed it, Apple has put Safari users - and anyone else using OS X apps that need SSL - in a potentially vulnerable position.
Fixing iOS - including iOS 6 - but not OS X suggests one of two things. Either Apple doesn't really give a toss about OS X users, or it doesn't have enough people to patch two OSes simultaneously (John Gruber reports a third one that's doing the rounds of conspiracy theorists: that the flaw is there because the NSA is using it).
The problem isn't that Apple software has vulnerabilities and bugs. All software has that. The problem is that the vulnerabilities and bugs don't appear to be getting fixed very quickly.
This matters, because Apple's appeal is built on a hard-won reputation for quality, a reputation that enables Apple to charge premium prices for its products. You pay Apple prices because it just works.
When it doesn't - when Safari crashes your iPad for the umpteenth time, when you're reading advice not to do anything important on public Wi-Fi until Apple gets round to patching your OS, when you can't trust your computer's default email client - you start to wonder what exactly you're paying for.
This isn't an Apple-is-doomed post. It'll take a lot more than an unpatched SSL vulnerability to drive sensible people from OS X to Windows 8. But these things matter, and the more of them there are the more they'll matter to even the most committed Apple owners.
The people I'm seeing post about Apple issues aren't Samsung fans or Microsoft evangelists: they're the people you'll usually find first in line whenever there's a new toy in the Apple Store.