Security updates matter – even when we don’t know what they’re for

Anthony Caruana
23 October, 2017
View more articles fromthe author

This editorial was first published in our weekly newsletter. Subscribe to get Mac and Apple news delivered to your inbox each week.

Last week, two security researchers revealed that they had discovered a flaw in the way devices connect to wireless networks using the WPA2 security protocol. The precise details of the flaw aren’t super important. What matters is the consequences of an attack using this flaw.

Security, apple, mac, ios, macworld australiaDubbed KRACK (Key Replacement AttaCK), the flaw can be used to intercept communications on wireless networks. As the researchers were acting ethically, they revealed the flaw and how it worked to a number of major technology companies, including Apple, so they had time to find a fix for the flaw and make it available.

Microsoft released a fix on 10 October 2017 – over a week before the flaw was made public. Apple has been testing a fix in the beta versions of iOS, macOS, watchOS and tvOS, which will be in the hands of the broader public soon.

The lesson here is that sometimes we simply don’t need to know the details of everything that is fixed when an update is issued. The reason security flaws are specifically enumerated in the release notes accompanying fixes is that telling the world about a flaw highlights details that could be exploited by bad guys.

It would be great to know precisely everything that is included when Apple, or any other software company, issues a software update. But sometimes, not telling us everything is for our own good.

When updates for your devices arrive, it is important to install them.

Leave a Comment

Please keep your comments friendly on the topic.

Contact us